Unfortunately MUD does not solve the possibility of corrupted/hacked update servers. This is a highly likely attack type we will see in the future. I highly appreciate your approach of detecting behaviour pattern changes of devices, it could help reducing the effects of hacked devices as well as from corrupted firmware updates. I also think a collaboration with the SPIN project would be really beneficial, they work on similar concepts and solutions and can contribute a lot.
Yes, we just talked about this at lunch, MUD would be useful to lockdown your smart TV to netflix and youtube only + vendor firmware update.
-----Original Message----- From: Peter Steinhäuser <ps@embedd.com> Sent: October 22, 2018 10:02 AM To: Jacques Latour <Jacques.Latour@cira.ca> Cc: Jelte Jansen <ripe@tjeb.nl>; Jim Reid <jim@rfc1035.com>; RIPE IoT WG List <iot-wg@ripe.net> Subject: Re: [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
Hi Jacques,
I just joined this group. Today's and tomorrow's smart television are more a full blown computer with screen and keyboard, and it difficult to pin down exactly what the device should be doing in a MUD profile. It's not a real IoT device.
nevertheless a MUD file could be used to describe service classes of a TV, like „TV Streaming“, „Social Media“ etc. to give the end user simple choices and at least some control about what the device should be allowed to do.
Regards, Peter