I have a TCL TV with Google TV. As this device is only receiving firmware updates like once a year or so, I consider it inherently insecure, and thus "IoT." (The "S" in "IoT" stands for "Secure"... :wink: )

Well, that's the choice of TCL, not Google.

I have IoT devices that never ever received any update.

I know. :slight_smile:

And indeed, it can get worse than "once a year" -- as you most likely know there are many, many millions of devices out there which are "known vulnerable", and nobody cares about it...

I’m using it on a pair of WSM20 devices as we speak. The only downtime I’ve had in 3 months was updating to 23.05.0 RC3.

Be aware, the OEM firmware is truly awful, but the hardware is excellent and unexplainably cheap.

"Smart", I'm always wary of that word. I don't know if you live in a country where they call some roads "Smart motorways" or "smart highways", but in my opinion, the word "smart" usually means the opposite to what "smart" used to mean. The definition of the IoT is changing too. These days it can mean a lot more than it used to. In the same way that people no longer use the term "VPN" to mean what it used to mean, but have amalgamated the idea of a proxy server into the idea of online privacy and networking, and called it a VPN. Many discussions on websites include TVs and PVRs in the idea of the IoT. Not sure why, but I think it's because a TV and PVR just sit there and don't do much; they are just part of the furniture that connects to the internet :grinning:

Security of wireless is something that involves the LAN network.
A device that you do not trust involves the WAN side. But that's why we are on this forum, because we have the power of OpenWrt. With OpenWrt you can secure your weak devices, not all the time, but if a smart device cannot be safe under OpenWrt, it means that the device is rotten because the seller decided so.

I am well aware a brute force attack can be made on WPA2. Why do you think I bothered to observe 13 characters including uppercase, lowercase, numbers and symbols (i.e., 95 unique characters) have 5*10^25 (i.e., 95^13) combinations :wink: ?

Regarding computer resources needed to crack strong passwords, the article you linked observes "You're probably not that special, of course!" And I think that is the key - pun intended.

I don't think WPA2 (with Forced AES) is so broken that I cannot tailor the length of a random password key to how special I am.

Edward Snowden claimed the NSA could brute force 1 trillion guesses per second in 2013. Moore's law suggests we should double that every two years, so let's call it 32 trillion guesses per second. Let's further assume some luck is involved - the password is cracked in the first half of the brute force guesses. Sticking with my 13 character example, we're down to a mere 2.5x10^25 combinations. If I'm doing the math right, that works out to 2.5E25/(32E12x3600x24x365), or something like 25 thousand years. Use a minimum of 20 characters and we are up to 10^18 years, but I'm definitely not that special.

I agree. And to add to that, if "they" really want to access your devices or network there are probably easier ways to do that instead of brute-forcing WPA2 passwords. For example, almost everyone these days uses a cellphone (which is connected to your trusted wifi), which has a baseband processor. A small CPU with its own software, that is even able to communicate with cell towers when the phone is "switched off", and is entirely a black box. Just saying. Just a small example of many.

So @ralfbergs, you can go crazy with WPA3 security, but that only does so much.

