Firewalls Don't Stop Dragons Podcast Tech Time Bombs
Oct 6, 2025
In this engaging conversation, Paul Roberts, a cybersecurity journalist and founder of the Secure Resilient Future Foundation, discusses the pressing issue of insecure IoT devices. He highlights the dangers of abandoned devices as tech time bombs that can lead to botnets and national security risks. Paul advocates for the right to repair, explaining how it can enhance security and longevity. He also emphasizes the need for transparency in device support lifecycles and the responsibilities of ISPs in maintaining hardware, offering practical solutions for listeners to get involved.
AI Snips
Chapters
Books
Transcript
Episode notes
Abandoned IoT Are Systemic Attack Surfaces
- Abandoned IoT devices act as widespread, long-lived attack surfaces that attackers use to build botnets and pivot to higher-value targets.
- Manufacturers, owners, and ISPs each avoid full responsibility, creating systemic risk that requires regulatory guardrails.
Make ISPs Replace End-Of-Life Routers
- Require ISPs who sell or lease routers to replace end-of-life devices at no cost to customers to reduce insecure devices on the internet.
- Use that obligation to create market pressure on OEMs to extend software support or allow patching.
Mirai Used Default Credentials From Manuals
- The original Mirai botnet exploited publicly documented default usernames and passwords in device manuals.
- Attackers scanned for those devices and logged in directly, showing how trivial misconfigurations lead to large-scale attacks.
