by djcooley 1916 days ago
Chipset developers like Silicon Labs* are developing very advanced but approachable security capabilities into their latest products (secure boot, secure debug, physical protection (DPA countermeasure, anti-tamper), key management, key storage, crypto engine, etc.)*.

The tools are there now to address this, and this should go a long way toward actually securing the application, the data, the IP, and overall simplify lifecycle management.

* - disclaimer, I am an employee
* - https://www.silabs.com/security

4 comments

Unfortunately I've often found these capabilities end up being used against users as much as, if not vastly more than, they are used in their favour.

For example, secure boot and anti-tamper measures are often used to lock out users from being able to examine or modify equipment and software for their own benefit. Sure, these measures can be argued as ways to "protect" the user from themselves (preventing inadvertent/unsupported changes of hardware causing malfunction, or preventing the installation of malware, and so on), but to rob the users of their agency to decide what's best for themselves in these circumstances is fundamentally disrespectful.

Nonetheless, I hope your employer is in a position to be part of a movement to buck the trend here, but based on what I've seen in the industry over the years, I've learned to be very skeptical whenever I hear of such "security" capabilities being thrown around as universally beneficial for everyone.

The issue here isn't hardware capabilities, it's that vendors like to make their gadgets centrally connected for convenience and analytics and then on top often don't care about hygiene (e.g. no crypto at all).

Would it only allow for the lamp to be "secure" in the sense that the owner would not be able to take back control anymore? If that's the case, that's a "solution" worse than the problem, that's even unethical as hell given this will short/medium term accelerate the ecological nightmare.

I don't care how "secure" one can make an internet-connected lamp. I don't want or need a lamp to connect to the internet to change its operating conditions. The problem is that we, as a society, are being so suckered by cheap consumer devices that it's becoming difficult to even FIND NON-connected devices in some categories. Like the lamp in the article, I'm willing to bet that he looked for something with purely physical controls, and couldn't find one in a comparable price point. I honestly don't get it. I can't fathom what some company could possibly be doing with my usage data from some internet-connected LAMP, or why they would go about designing all the infrastructure to make it work. It would be orders of magnitude easier to just put some buttons on the side of the unit. At this point, I guess someone out there thinks, "Oh, neat!" but this sort of situation is paving the way for it to be impossible to buy ANY consumer electronic device that doesn't phone home in the very near future.