[avsm]

The elephant in the room here is that there are hundreds of millions of embedded devices that cannot be upgraded easily and will be running vulnerable binaries essentially forever. This was a problem before of course, but the ease of chaining vulnerabilities takes the issue to a new level.

The only practical defense is for these frontier models to generate _beneficial_ attacks to innoculate older binaries by remote exploits. I dubbed these 'antibotty' networks in a speculative paper last year, but never thought things would move this fast! https://anil.recoil.org/papers/2025-internet-ecology.pdf

[gmuslera]

No, the elephant in the room is that even bad actors will now have easier to find vulnerabilities in, maintained or not, widely or in critical places used software. Unmaintained and remotely accessible devices should be discarded as soon as possible, you can't stay waiting till some of the good guys decide to give some time to your niche but critical unmaintained piece of software. Because if there is a possibility of taking profit of it, it will be checked and exploited.

And you can't assume that whatever vulnerability they have will let good guys to do the extra (and legally risky) work of closing the hole.

[touristtam]

_SHOULD_ yes sure, but realistically is that going to happen?

[michaelbuckbee]

As doom and gloom as things are generally, I do think things have gotten better. Due to legislation and commercial pressure things like wifi routers shipping with the same default password and open settings have gotten better. Webhosts and ISPs have implemented many improvements to protecting their residential customers.

I take your point, but think that it's also maybe too far.

[xpe]

> As doom and gloom as things are generally, I do think things have gotten better.

The question isn't "are companies making some security improvements?". That's one-sided. The question is "are companies making security improvements FAST ENOUGH to deal with the increased risks?"

[WhyNotHugo]

And this is precisely why so many of these devices should not be connected to the Internet.

Things like an Internet-connected central heating seem absolutely insane to me, yet people look at me like I'm crazy when I say so. Do you really want your home' heating entirely controller by a publicly accessible device that likely will never be upgraded in case of security issues?

[oytis]

You should either implement over-the-air updates or not connect your device to the network at all.

[yencabulator]

That doesn't help when the company behind the device disappears or stops supporting the device. Or is hacked to convert all the devices they manufactured into a botnet.

[Gud]

The problem of course is that many of these devices are eager to connect to the internet so they can often user hostile updates.

[creata]

> The only practical defense is for these frontier models

Another practical defence for many of these devices would be to just disconnect them... I feel like an old man yelling at a cloud, but too much is connected to the Internet these days.

[Normal_gaussian]

It can be easier to hack the device and patch it than determine which device it is. This is nearly always true for the non-technical, but it is true for most technical people as well. Many of the devices in peoples homes that aren't being actively patched are not that old!

[halJordan]

Why doesn't this atm tell me my balance anymore? Oh we implemented creata's advice

Why didn't this smartboard tell me my plane was delayed? Oh we implemented creata's advice

ad nauseum