4 comments

  • njovin 12 days ago
    The Ars writeup is blogspam, the linked original post has much more detail: https://cohost.org/ghoulnoise/post/5286766-do-not-buy-hisens...
  • brokenmachine 12 days ago
    Microsoft hasn't showered themselves in glory here either.

    You shouldn't be able to DoS Windows by spamming fake devices on the network.

    • xaerise 12 days ago
      This comment is stupid... It is like blaming the car manufacturer for killing people by making cars go fast. Just because you can do it, is not the same as you should do it.

      I would blame Hisense for making crap...

      • brokenmachine 9 days ago
        Your comment is stupid...

        I never said don't blame Hisense. I just said that it shouldn't be this easy to DoS Windows.

    • frankthepickle 12 days ago
      ideally not but I imagine the primary concern when writing that was making it work well with as many devices as possible. spamming thousands of fake devices is artificial stress testing territory. I'd like to see it better handled but I'd also like the focus to be implementing the feature in a polished and compatible way.
  • NotYourLawyer 12 days ago
    Solution #1: don’t buy trash hardware.

    Solution #2: don’t give any IOT stuff access to your network. Internet access is plenty, use a VLAN.

    • hagbard_c 11 days ago
      Solution #3: don't give any IOT stuff access to the internet, you don't want your adversary [1] to be able to access their spy agents nor to bring down the grid by rapidly switching on and off all devices under their control. The suggestion to use a VLAN is good but not sufficient, that VLAN should not have access to the internet. Any interaction with IoT stuff should be mediated by software under your control, transmitting only such data as you want to be transmitted. This is a bit more work than just allowing the things to access the 'net but it mostly solves the problems of these devices being used to spy on you or to enable their use in schemes to affect grid stability.

      How? Create a VLAN which has no access to the outside nor to the rest of your network. Add a dual-hosted gateway to the VLAN which interacts with the IoT things to extract any data you want (production data for inverters, temperature data for temperature sensors, etc.), feeds them whatever data they need to function, interacts with controls (set temperature on HVAC system, change mode, etc.) etc. Do not allow these devices to update their software automatically, this is something you want to take care of yourself. Since the devices are not directly connected to the 'net they are not exposed to whatever nefarious actors are out there to compromise them so any remote exploits should remain unexploited (other than by you, e.g. to install ESPHome or Tasmota). You get to sleep at night in the knowledge that your fridge may be trying to spy on you but is thwarted in its attempts and that little rocket man can not use your inverter or heat pump to wreak havoc on the grid.

      [1] where 'adversary' is anything from the ad company masquerading as a hardware vendor to the eternal empire on the other side of the sea and anything in between
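      The router-side half of the setup described above, as an added example and not a configuration from the commenter: an nftables ruleset for a Linux router whose interfaces are assumed to be wan0 (uplink), lan0 (trusted LAN, 192.168.1.0/24) and lan0.20 (the IoT VLAN, 802.1Q tag 20). The dual-homed gateway host has its own NICs on lan0 and lan0.20, so it talks to the IoT devices at layer 2 and needs no rule here; the router's only job is to make sure the IoT VLAN can initiate nothing.

      ```nftables
      # Assumed names: wan0 = internet uplink, lan0 = trusted LAN,
      # lan0.20 = IoT VLAN. Subnet 192.168.1.0/24 is likewise assumed.
      flush ruleset

      table inet filter {
          chain forward {
              # Default deny: anything not listed below is dropped.
              type filter hook forward priority 0; policy drop;

              # Replies to flows the rules below already allowed.
              ct state established,related accept

              # Trusted LAN may reach the internet.
              iifname "lan0" oifname "wan0" accept

              # Trusted LAN may initiate into the IoT VLAN, e.g. for the
              # manual firmware updates or ESPHome/Tasmota installs the
              # post recommends doing yourself.
              iifname "lan0" oifname "lan0.20" accept

              # The IoT VLAN initiates nothing: no internet, no LAN.
              # Logged so unexpected call-home attempts are visible.
              iifname "lan0.20" log prefix "iot-egress-blocked: " drop
          }

          chain input {
              type filter hook input priority 0; policy drop;
              ct state established,related accept
              iifname "lo" accept
              iifname "lan0" accept
              # IoT devices may only obtain an address from the router;
              # DNS, NTP and everything else come from the gateway host.
              iifname "lan0.20" udp dport 67 accept
          }
      }

      table ip nat {
          chain postrouting {
              type nat hook postrouting priority srcnat; policy accept;
              # Only the trusted LAN is masqueraded; the IoT subnet never is,
              # so even a misapplied forward rule would leave it unroutable.
              oifname "wan0" ip saddr 192.168.1.0/24 masquerade
          }
      }
      ```

      Load with `nft -f` and watch the kernel log for the `iot-egress-blocked:` prefix to see which devices try to phone home.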

      • NotYourLawyer 11 days ago
        This is not very realistic. Just don’t buy iot stuff at that point.
        • hagbard_c 11 days ago
          It is what I have been doing for more than a year. It is not difficult but does require some familiarity with network configuration and a bit of hardware hacking if you want to use ESPHome or Tasmota or something like that. I use this to control the solar inverter and a number of appliances. I also read the power meter using a homebuilt reader (which is where the hardware hacking comes in) which I use to control the output of the inverter based on momentary power prices (we have hourly rates and can sell power at market price which also implies we should not send any power if the price happens to go negative).

          In other words this is quite doable for those who have some experience in setting up networked equipment. It is not something you'll tell your grandma to do but there is nothing keeping you from setting it up for her since it is a one-time job. It is also more than worth it for the gains in privacy, the reduction in exposure to exploits and the absence of the risks of automatic updates which take away functionality you depend on.