Honestly, that’s not a terrible idea in general. Like, if you have an Internet-connected device, you have a hook onto your network that someone can exploit down the line, including – as Rossman points out – making it function differently than it did at the time of your purchase in ways that you may not like. And even if you trust the manufacturer, that doesn’t mean that someone cannot acquire them and then exploit that hook.
Kind of a problem with apps and other software too. Even open-source software, like the xz attack – the xz package itself was fine, but you had someone, probably a country, intentionally target and try to seize control of an open-source project to exploit the trust that the open-source project had built up. I understand that it’s also been a concern with even browser extensions.
The right to push updates to an Internet-connected device, unfortunately, has value. And there are people who will try to figure out ways to take advantage of that.
Funny you mention apps. I turned auto-update off for all of them on my phone because I got tired of functionality being removed. A couple force updates after you get too far behind. Been alright so far, but it’s been less than half a year ago we’ll see how it goes in the long run. Security is obviously taking a hit by doing this.
Have to keep things offline and outdated nowadays 🫤 to prevent things like this happening.
Honestly, that’s not a terrible idea in general. Like, if you have an Internet-connected device, you have a hook onto your network that someone can exploit down the line, including – as Rossman points out – making it function differently than it did at the time of your purchase in ways that you may not like. And even if you trust the manufacturer, that doesn’t mean that someone cannot acquire them and then exploit that hook.
Kind of a problem with apps and other software too. Even open-source software, like the
xzattack – the xz package itself was fine, but you had someone, probably a country, intentionally target and try to seize control of an open-source project to exploit the trust that the open-source project had built up. I understand that it’s also been a concern with even browser extensions.The right to push updates to an Internet-connected device, unfortunately, has value. And there are people who will try to figure out ways to take advantage of that.
Funny you mention apps. I turned auto-update off for all of them on my phone because I got tired of functionality being removed. A couple force updates after you get too far behind. Been alright so far, but it’s been less than half a year ago we’ll see how it goes in the long run. Security is obviously taking a hit by doing this.