SoylentNews is people
SoylentNews
posted by
cmn32480
on Thursday August 20 2015, @11:21AM
from the who-cares-what-my-fridge-thinks dept.
from the who-cares-what-my-fridge-thinks dept.
The NSA (National Security Agency) is funding development of an architecture for a "safer" Internet of Things (IoT), in the hope of incorporating better security at a product's design phase.
The controversial US intelligence agency is bestowing a $299,000, one-year grant to the University of Alabama in Huntsville (UAH) for a project that aims to build a lightweight virtualisation architecture which will make it easier to build security into IoT systems before they leave the factory.
There are some interesting reactions to the announcement on the Sophos Naked Security blog.
Why would the NSA invest in a project that would make it harder for them to spy on you?
This discussion has been archived.
No new comments can be posted.
NSA: Here’s $300,000, People. Go Build Us a Safer Internet of Things
|
Log In/Create an Account
| Top
| 30 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Everything you know is wrong!
(Score: 3, Insightful) by bradley13 on Thursday August 20 2015, @12:30PM
First: $300k is nothing. This is a tiny project, testing out a couple of simple ideas.
Second, we come to the question:
"Why would the NSA invest in a project that would make it harder for them to spy on you?"
The answer is simple: get in on the ground floor, influence the architecture. That way you know where the weaknesses are and how to exploit them. Heck, when it comes time for implementation, you can probably build your backdoor in from the start. Especially if it's a closed source implementation.
Everyone is somebody else's weirdo.
(Score: 2) by martyb on Friday August 21 2015, @12:22AM
I think you are onto something here.
Large number of small players: My take is that as things now stand, we are seeing a wide diversity of implementations of IoTs. That does provide a certain amount of opportunity: the more and varied the devices, the better the chance that some of them have deficiencies in their implementation which permits them to be compromised. But, that also means that exploits need to be found for a large number of different platforms in order to have some confidence of covert access.
Small number of big players: What if, instead, there were a small number of major platforms instead? Thinking of the desktop there's pretty much just Windows and OS X. Sure, there are other platforms such as the various Linux and BSDs but they are a small minority in the grand scheme of things. Ditto for the handheld/tablet market. We've basically got Android, iOS, and to a lesser extent Windows.
All of these are sufficiently large and complex that it is prohibitively expensive to ensure that they have no vulnerabilities. In other words: it is a near certainty there are going to be exploits that can be found.
It is in their best interest to encourage a limited number of popular platforms. If a small contribution can get development focused on a leading candidate, and others take that as a baseline and build from there, they have reduced the number of exploits they need to develop so as to have access to the majority of the platforms in use.
Now, please excuse me while I look into getting some WiFi blocking paint. [bbc.co.uk] ;)
Wit is intellect, dancing.