I was talking to Cristian at lunch also about integrating SPIN, so yes, detecting and quarantining infected IoT devices is important, but the big question is what do we do with the infected device.
Basically using the same quarantining used for new devices would be sufficient:
a) drop all connections to the "outside"
b) if the device is connected wirelessly, isolate it at AP level
c) inform the end user and recommend removing it from the network (?)
I don't know in detail how you implemented the quarantining; are there any papers about it?
-----Original Message-----
From: Peter Steinhäuser <ps@embedd.com>
Sent: October 22, 2018 1:51 PM
To: Jacques Latour <Jacques.Latour@cira.ca>
Cc: Jelte Jansen <ripe@tjeb.nl>; Jim Reid <jim@rfc1035.com>; RIPE IoT WG List
<iot-wg@ripe.net>
Subject: Re: [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
Unfortunately MUD does not solve the possibility of corrupted/hacked update
servers. This is a highly likely attack type we will see in the future.
I highly appreciate your approach of detecting behaviour pattern changes of
devices, it could help reduce the effects of hacked devices as well as from
corrupted firmware updates.
I also think a collaboration with the SPIN project would be really beneficial, they
work on similar concepts and solutions and can contribute a lot.
Yes, we just talked about this at lunch, MUD would be useful to lock down your
smart TV to Netflix and YouTube only + vendor firmware update.
-----Original Message-----
From: Peter Steinhäuser <ps@embedd.com>
Sent: October 22, 2018 10:02 AM
To: Jacques Latour <Jacques.Latour@cira.ca>
Cc: Jelte Jansen <ripe@tjeb.nl>; Jim Reid <jim@rfc1035.com>; RIPE IoT
WG List <iot-wg@ripe.net>
Subject: Re: [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
Hi Jacques,
I just joined this group. Today's and tomorrow's smart televisions
are more a full-blown computer with screen and keyboard, and it is
difficult to pin down exactly what the device should be doing in a
MUD profile. It's not a real IoT device.
Nevertheless, a MUD file could be used to describe service classes of
a TV, like „TV Streaming“, „Social Media“ etc. to give the end user
simple choices and at least some control about what the device should be
allowed to do.
Regards,
Peter
Peter Steinhäuser, CEO
embeDD GmbH · Alter Postplatz 2 · 6370 Stans · Switzerland
Phone: +41 (41) 784 95 85 · Fax: +41 (41) 784 95 64