Consultant, Sandelman Software Works
Michael Richardson is an open source and open standards consultant. An autodidact, he wrote mail transfer agents as a teenager, and in the 1990s, after failing at high-energy physics, found his calling designing and building embedded networking products in the security sector.
Michael has built multiple IPsec systems, joining the FreeS/WAN team in 2001, and founding Xelerance.com in 2003. He has operated many networks, worked on DNSSEC and root name servers, and built several boutique ISPs along the way.
Starting in 2008, Michael began to work on IoT mesh routing, eventually chairing the IETF ROLL working group for a few years. Michael has since moved on to the problem of how to securely connect and control IoT devices too small to have user interfaces. The first of these specifications is RFC 8366, with several more in the pipeline.
“Eliminate Universal Default Passwords”
A newly connected IoT device is attacked within five minutes. To improve security, new standards and upcoming regulations require IoT manufacturers, and some importers, that use passwords in their IoT products to ensure that the provided passwords are unique per device. As a result, companies need to assess how their IoT products use passwords. “No universal default passwords” is an important provision because default passwords that are easily guessable or derivable weaken security. Poor password practices have the potential to put users’ and businesses’ personal data, devices and networks at risk.
This talk provides guidance on complying with new standards and regulation.
Forty percent of consumers believe that keeping IoT products’ firmware up to date is the responsibility of the software developer or device manager. Now, new standards and upcoming regulations require IoT manufacturers, and some importers, to publish how long they will supply software updates (the product support period) in a clear and transparent way (e.g. on the outside of the box). Standard ETSI EN 303 645 requires consumer IoT products to be able to support software updates.
This talk provides guidance on complying with new standards and regulation.