On Thu, 09 Feb 2017 14:54:26 -0500, William Herrin said:
Is there some way an industry association could overcome this? Perhaps have some trivial way to assign each model of IoT device some kind of integer and have the device report the integer instead of its plain text manufacturer and hardware model number? Where the assigned integer is intentionally not published by the industry association though of course trivially determinable by anyone who owns one of the devices.
Or anybody who knows how to use the internet to look for reports of owners who have issues. All it takes is one smarter than the average bear user posting "I've got a MobyWombat 3000 light bulb, and it keeps sending 1193432542 to some server someplace...."
Wouldn't especially impair building a database of vulnerable devices but it would raise the bar for trying to turn the
If it doesn't *heavily* impair building a database of vulnerable devices, it's not a solution to the problem under discussion.