tldr: a router that uses your phone or some API as a 2nd factor to add devices to your network, and during this time, permissions are requested/granted.
I can think of a lot of cool ways to expand this basic idea. does this help security, is this a good idea, what flaws exist?
-----
When you add an app to your phone, it tells you what it plans on doing, and you choose to allow or not, in some cases disallow certain requests.
Would this help IOT and other devices from being taken over and if they were taken over, to limit what they could do?
Why not have this on a router?
Lets say I have a smart router and it connects to my phone
For example, add an IP camera on network
1) I connect it normally.
2) Now I get a notification on my phone asking if i want to allow this device to connect to my network, included is the information that it only wants to recieve connections from local IPs
if i want to add a smart doorbell
1) i connect it normally
2) i get a notification on my phone that its connecting and wants to be able to communicate with some.cloudcamera.com or whatever, but no local devices
if i want to add a computer
1) connect normally
2) i get a notification that it wants all access
i'm sure the connection method could be improved, but thats a different conversation, but it could be put into spec form, like part of the Matter spec for example, so at least those devices know how to request access. alternately or in addition, the router could query the device or ask a user to type in what it is, and that could do a lookup in a database to see what applicable permissions apply to that device, and with this, it could change over time, if the services change, and people would be made aware of the changes. if it were popular enough the manufactures themselves would want to make sure their devices were in the database, but it could be done by users in the beginning.
I haven't put nearly all of the thoughts i have on the subject here, just wanted to see if this existed anywhere/perceived benefit/issues. i'd love to see this happen.
permissions
outgoing connection recipient list
outgoing connection ports allowed
incoming connection recipient list
expected/max bandwidth (a lightbulb should use more than a tiny amount of data)
time window of allowed use
I can think of a lot of cool ways to expand this basic idea. does this help security, is this a good idea, what flaws exist?
-----
When you add an app to your phone, it tells you what it plans on doing, and you choose to allow or not, in some cases disallow certain requests.
Would this help IOT and other devices from being taken over and if they were taken over, to limit what they could do?
Why not have this on a router?
Lets say I have a smart router and it connects to my phone
For example, add an IP camera on network
1) I connect it normally.
2) Now I get a notification on my phone asking if i want to allow this device to connect to my network, included is the information that it only wants to recieve connections from local IPs
if i want to add a smart doorbell
1) i connect it normally
2) i get a notification on my phone that its connecting and wants to be able to communicate with some.cloudcamera.com or whatever, but no local devices
if i want to add a computer
1) connect normally
2) i get a notification that it wants all access
i'm sure the connection method could be improved, but thats a different conversation, but it could be put into spec form, like part of the Matter spec for example, so at least those devices know how to request access. alternately or in addition, the router could query the device or ask a user to type in what it is, and that could do a lookup in a database to see what applicable permissions apply to that device, and with this, it could change over time, if the services change, and people would be made aware of the changes. if it were popular enough the manufactures themselves would want to make sure their devices were in the database, but it could be done by users in the beginning.
I haven't put nearly all of the thoughts i have on the subject here, just wanted to see if this existed anywhere/perceived benefit/issues. i'd love to see this happen.
permissions
outgoing connection recipient list
outgoing connection ports allowed
incoming connection recipient list
expected/max bandwidth (a lightbulb should use more than a tiny amount of data)
time window of allowed use