1. 7
  1.  

  2. 3

    The problem with “how to secure” instructions for advanced users is that less advanced users won’t read them. Still waiting for the day somebody ships an iot that requires a “how to make insecure” guide.

    1. 2

      Maybe Rockwell-Collins AAMP7G:

      https://www.rockwellcollins.com/-/media/Files/Unsecure/Products/Product_Brochures/Information_Assurance/Crypto/AAMP7G_data_sheet.ashx

      Not sure if they’ll sell it to IoT vendors. It can be cloned based on publicly-available information, though. Green Hills also has a secure OS (INTEGRITY-178B) targeting this market with a bunch of middleware for crypto, networking, and so on. You can get the “how to secure” with maybe decent security but it comes at a steep price so far. Everything I’ve seen was around $40,000-50,000 or more for OEM deal. Kind of a steal versus the cost of building that much stuff robustly but too much for the IoT vendors aiming to maximize profit by reducing development and per-unit costs. Better to use free stuff with little to no security. ;)

      1. 1

        Ubuntu Core seems to require that you register the an account online with an SSH key if you want to use SSH.