Re: Security? What "Security"?

On 11-Oct-24 10:17 pm, Sn!pe wrote:

My pet rock Gordon asserts that every networked device has a backdoor.
Therefore, anything viewable in clear on that device is insecure and the
quality of message encryption is moot.
>

 An initial question is what exactly is meant by "backdoor". Any networked device that is capable of remote update by the vendor can presumably be updated by the vendor to do anything that any device on your network can do. But this does not imply that anyone else can do that. Of course it does mean that you security depends on the security of the vendor, which is an unknown quantity. This is partly why the few remotely updatable devices that I do own are fire-walled off from the rest of my internal network.
 Few networked devices accept incoming connections, for the simple reason that they're unlikely to get past a gateway router. Most work by making outgoing connections to the vendor's server. The better implementations require an authenticated server certificate, which makes impersonation of the vendor pretty much impossible. Without a certificate the intending intruder may engage in something like a DNS cache poisoning attack, but they have become more difficult over the years.
 If one is to worry about back-doors, the main vulnerability is the router itself, and this has indeed been a problem in the past, especially where the ISP has the ability to update firmware or change settings, because now one is dependent on the security of the ISP, which is not always been up to the task.
 Commercially supplied routers have a bad record of vulnerabilities. I use a small single board computer as a gateway instead.
 Sylvia.