
I was talking to Cristian at lunch also about integrating SPIN, so yes, detecting and quarantining an infected IoT device is important, but the big question is what do we do with the infected device.
-----Original Message-----
From: Peter Steinhäuser <ps@embedd.com>
Sent: October 22, 2018 1:51 PM
To: Jacques Latour <Jacques.Latour@cira.ca>
Cc: Jelte Jansen <ripe@tjeb.nl>; Jim Reid <jim@rfc1035.com>; RIPE IoT WG List <iot-wg@ripe.net>
Subject: Re: [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
Unfortunately MUD does not solve the possibility of corrupted/hacked update servers. This is a highly likely attack type we will see in the future.
I highly appreciate your approach of detecting behaviour pattern changes of devices; it could help reduce the effects of hacked devices as well as of corrupted firmware updates.
I also think a collaboration with the SPIN project would be really beneficial; they work on similar concepts and solutions and can contribute a lot.
Yes, we just talked about this at lunch, MUD would be useful to lock down your smart TV to Netflix and YouTube only + vendor firmware update.
-----Original Message-----
From: Peter Steinhäuser <ps@embedd.com>
Sent: October 22, 2018 10:02 AM
To: Jacques Latour <Jacques.Latour@cira.ca>
Cc: Jelte Jansen <ripe@tjeb.nl>; Jim Reid <jim@rfc1035.com>; RIPE IoT WG List <iot-wg@ripe.net>
Subject: Re: [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
Hi Jacques,
I just joined this group. Today's and tomorrow's smart televisions are more a full-blown computer with screen and keyboard, and it is difficult to pin down exactly what the device should be doing in a MUD profile. It's not a real IoT device.
Nevertheless, a MUD file could be used to describe service classes of a TV, like „TV Streaming“, „Social Media“ etc. to give the end user simple choices and at least some control about what the device should be allowed to do.
Regards, Peter