[192414] in North American Network Operators' Group
Re: Spitballing IoT Security
daemon@ATHENA.MIT.EDU (Edward Dore)
Thu Oct 27 17:36:25 2016
X-Original-To: nanog@nanog.org
From: Edward Dore <edward.dore@freethought-internet.co.uk>
In-Reply-To: <56B9ABD3-6911-42CB-9C9D-81FB33CA55C3@lboro.ac.uk>
Date: Thu, 27 Oct 2016 22:32:28 +0100
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_51FECE90-E2DD-4032-9990-EFCC5DC4E67B
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
> On 27 Oct 2016, at 21:25, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
>=20
> Hi,
>=20
>=20
>> At which point the 3GS was almost 5 years old (having originally been
>> released in June 2009) and had been already superseded by the iPhone =
4,
>> 4S, 5 and 5S/5C.
>=20
> But the release of and presence of those phones does not make the =
older phone suddenly stop working. As noted, the phone might be =
obsolete to those people hungering for the latest tech but as a phone =
and web client etc it still works fine. ....and will continue doing so =
whilst the battery is okay. ... and then, with no updates it can be the =
next attack vector
No, but at some point everything has to be discontinued. You can't =
reasonably expect manufacturers to continue to support their products =
indefinitely, particularly without recompense.
To put it another way; are you willing to either pay more up front or =
some kind of ongoing fee in order to fund the manufacturer continuing to =
produce software updates for a device which is multiple years and =
multiple generations out of date?
>=20
> Which is the point. These things stay out there...like those winXP =
boxes. There are 2 choices
>=20
> 1) manufacturers are responsible for the devices. No longer caring =
for them? Recall them. Compensate the users.
>=20
> 2) stronger obsolescence. eg kill switch/firmware tombstoning/network =
connectivity function ending timebomb
>=20
> as a user of lots of legacy tech i find either option bad :/
>=20
> alan
Windows XP was released in October 2001 and finally killed in April =
2014. Even the last service pack was released in April 2008. That's a =
pretty long life and I don't think it would be reasonable to expect =
Microsoft to continue to spend time and money supporting it any further.
Users need to take some responsibility when it comes to making sure that =
their software (or firmware in the case of embedded devices) is still =
supported by the manufacturer. If you choose to use it past the end of =
the manufacturer's support, then you need to be prepared for the =
potential consequences of doing so, including that your service provider =
disconnects you from their network as your device(s) are participating =
in DoS attacks.
Of course, the manufacturer needs to provide the user with some kind of =
reasonable expectation of the lifetime of a device so that they can make =
the appropriate plans to invest in a suitable replacement.
In the case of Windows XP there has been a published official lifecycle =
for an extremely long time (since SP3 was released?). There was also a =
lot of press coverage before and after the end of support, so it =
shouldn't exactly come as a surprise to anyone.
For the iPhone, new versions of iOS generally support the last 4-5 =
iterations of the hardware (I'm not sure if there is an official =
published policy about this), which is typically updated annually. =
Currently that is the iPhone 5/5C from September 2012, the iPhone 5S =
from September 2013, the iPhone 6/6+ from September 2014, the iPhone =
6S/6S+/SE from September 2015 and the iPhone 7/7+ from September 2016.
Edward
--Apple-Mail=_51FECE90-E2DD-4032-9990-EFCC5DC4E67B
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQEcBAEBCgAGBQJYEnJtAAoJEFfvlfdgJz0Q8vIH/0N5fDc6YZ3cU2a2ub6+K7Pi
aEVEKZ+Tl/dvV+9RWID/KY7Cl487Ai9OhWuJ1/P4gEcouuTkp71mK2bnOhVfomiO
A+jCnQUFydQuSva6pgLiL/3z9ospju8cW1L2BvKmezgKqck5xhktwXrAMnwldVxO
pwCAjhuj3VE1VoI8sf4tFoAmNfWXw942tJITut3tP21jvRBFBaHOKIUcnJJucacJ
eOVF0RK2JytLrxdAZTUyCnnrAWXThDR+Du7tF8+3G9Xj4kyFReiVpLzDhRUVtOyR
IafTqhiwJdJW6jjcdmncZVOWDDpbzPD2quBtM2mptTZkWoJXF3AGHibC1aynpIQ=
=2Vs/
-----END PGP SIGNATURE-----
--Apple-Mail=_51FECE90-E2DD-4032-9990-EFCC5DC4E67B--
