Posts Tagged ‘RightToRepair’
[DefCon32] How to Keep IoT From Becoming An IoTrash
The proliferation of Internet of Things (IoT) devices promises connectivity but risks creating a digital wasteland of abandoned, vulnerable gadgets. Paul Roberts, Chris Wysopal, Cory Doctorow, Tarah Wheeler, and Dennis Giese, a distinguished panel from Secure Resilient Future Foundation, Electronic Frontier Foundation, Veracode, Red Queen Dynamics, and DontVacuum.me, respectively, address this crisis. Their discussion, rooted in cybersecurity and policy expertise, explores solutions to prevent IoT devices from becoming e-waste, advocating for transparency, ownership, and resilience.
The Growing Threat of Abandonware
Paul opens by highlighting the scale of the issue: end-of-life devices, from routers to medical equipment, are abandoned by manufacturers, leaving them susceptible to exploitation. Black Lotus Labs’ discovery of 40,000 compromised SOHO routers in the “Faceless” botnet underscores this danger. Cory introduces the concept of “enshittification,” where platforms and devices degrade as manufacturers prioritize profits over longevity, citing Spotify’s Car Thing, bricked without refunds after brief market presence.
Policy and Right-to-Repair Solutions
Tarah and Chris advocate for legislative reforms, such as updating the Digital Millennium Copyright Act (DMCA), to grant consumers repair rights. Google’s extension of Chromebook support to ten years saved millions in e-waste, a model Tarah suggests for broader adoption. Chris emphasizes that unmaintained devices fuel botnets, threatening critical infrastructure. Policy changes, including antitrust enforcement to curb monopolistic practices, could compel manufacturers to prioritize device longevity and security.
Cybersecurity Implications and Community Action
Dennis, known for reverse-engineering vacuum robots, stresses the cybersecurity risks of abandoned devices. Malicious actors exploit unpatched vulnerabilities, conscripting devices into botnets. He calls for community-driven efforts to document and secure IoT systems. Paul, through the Secure Resilient Future Foundation, encourages grassroots advocacy, such as contacting local representatives to support repair-friendly legislation, making it easier for individuals to contribute without navigating complex policy landscapes.
Redefining Ownership and Sustainability
Cory argues for redefining ownership in the IoT era, criticizing practices like Adobe’s Creative Cloud, where Pantone’s licensing dispute threatened to render designers’ work unusable. By designing devices to resist forced downgrades, manufacturers can empower users to maintain control. The panel collectively urges a shift toward sustainable design, where devices remain functional through community-driven updates, reducing e-waste and enhancing digital resilience.