Canonical, maker of Ubuntu Linux and its Internet of Things variant, has discovered the obvious – that people cannot be trusted to secure their connected devices.
Thibaut Rouffineau, evangelist for Ubuntu Core and the Internet of Things, admitted late last week that developers and IoT device makers know people seldom update the firmware of connected devices. But, he argues, they probably don't realize how bad the security situation has become.
The distro maker says it surveyed 2,000 folks about how they dealt with connected devices. It found that less than a third of respondents (31 per cent) installed updates as soon as they were available. Some 40 per cent never knowingly updated their devices.
"In other words, consumers are leaving their devices open to exploits and hacks, from DDoS attacks to invasions of personal privacy or theft of personal data," said Rouffineau.
Why such disinterest? According to Rouffineau, almost two thirds of respondents felt that keeping software updated – their security – was not their responsibility.
(Score: 5, Insightful) by Runaway1956 on Thursday December 22 2016, @09:30AM
I buy an appliance. Dishwasher, clotheswasher, refrigerator, thermostatic control - it's a THING. It has one purpose - to perform the task for which it was designed. Chill food, wash things, control my home temperature. The damned thing doesn't have a screen on it, from which I can browse the web. It doesn't display a calculator on which I can compute math. It's a dumb gadget. Unless I read the owner's manual, cover to cover, I'm probably not going to be aware that the stupid thing ever needs to be updated.
The failure here is not with the end user, the consumer. The failure is that idiots are selling products with built-in, totally unnecessary vulnerabilities.
Sell me a refrigerator, please. Do NOT sell me a "smart" refrigerator with which you can spy on me and my household.
(Score: 4, Insightful) by r1348 on Thursday December 22 2016, @09:38AM
It becomes your problem once you connect it to your network.
(Score: 0) by Anonymous Coward on Thursday December 22 2016, @10:02AM
Ugh. I knew it was trouble when my new sex doll asked for my WiFi password.
(Score: 4, Funny) by Anonymous Coward on Thursday December 22 2016, @10:17AM
Sex Doll will leave you as soon as she gets her online degree in feminist studies.
(Score: 0) by Anonymous Coward on Thursday December 22 2016, @01:57PM
Hahahaha a feminist degree? That bot will leave you once she finds a man with deeper pockets on some hook up site. She don't need a fucking degree to figure that out!
(Score: 5, Funny) by MostCynical on Thursday December 22 2016, @10:34AM
She's cheating on you (with the toaster, the fridge, and likely helping a DDOS even when you're keeping her... "busy").
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 1, Insightful) by Anonymous Coward on Thursday December 22 2016, @06:07PM
It *is* your problem. However, let's say you actually *WANT* to update the thing.
Take for example my TV. 2011 state of the art neato LED 55 inch TV. Still works very nicely. 0 firmware updates in the past 4 years after 3 right when I first bought it. Despite the number of known high profile root exploits that have come out for Linux. Oh did I mention that? The thing has an SSH port, some sort of web server, and a proprietary command port, all open. It is running a 2010 BusyBox distro under the covers. There are no updates for that TV and there never will be. Then for icing on the cake. The thing reports back to the manufacturer every time I push any button on the thing.
Then let's say for the sake of argument it DOES get some sort of malware/virus on it. How do I get rid of it? Will a firmware reinstall work? Can I actually get one? What if the malware borked the GUI/command to get at it? No company is going to RMA a 6 year old TV.
We can continue to pretend that manufacturers actually give a damn and make these magical patches. Is there a built-in update system? Does it work 100% of the time? Do I as an end user have any control over it or will it just update randomly (like my ps3/ps4) right when I want to use it? If I do have any control does it nag me all the time? If it does not, how do I as an end user find out about the new patches?
I did the only sane thing. I unplugged it from my network.
(Score: 2) by skater on Thursday December 22 2016, @02:05PM
Relax - you can still buy non-smart refrigerators. We just bought a set of non-smart washer and dryer.
(Score: 2) by tangomargarine on Thursday December 22 2016, @03:11PM
The failure here is not with the end user, the consumer. The failure is that idiots are selling products with built-in, totally unnecessary vulnerabilities.
If nobody was buying them, they wouldn't bother to make them. So the consumer does bear some responsibility.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 0) by Anonymous Coward on Thursday December 22 2016, @03:34PM
Not to mention supplying them with the wireless password. This shit doesn't happen to innocent victims. It happens to negligent idiots with too much money thinking it's all magic.
(Score: 3, Insightful) by tangomargarine on Thursday December 22 2016, @04:51PM
To be fair, that's very much something computer companies are encouraging these days. "Just put the CD in and MAGIC!" No, it's not magic; it's a bunch of code that tries to plan for various contingencies, but it's not psychic, or magic, and it doesn't know perfectly what you want every time.
You'd think it would be a better idea to have the thing prompt you for a password out of the box before it's usable. But impatient people would probably bitch about that, so instead we have thousands of people wide open to hacking.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by TheRaven on Thursday December 22 2016, @05:34PM
sudo mod me up
(Score: 2) by tangomargarine on Thursday December 22 2016, @05:38PM
Are they buying them because the shop doesn't have any dumb variants in stock?
Yeah, I wonder how much this is a factor. Like the last time I was looking to buy a car: huge lot and they had IIRC 4 manuals.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by LoRdTAW on Thursday December 22 2016, @06:59PM
Hey! How are they going to monetize your washing/eating/HVAC/etc habits? The nerve of some people. I mean, without knowing how often you wash your clothes or how dirty they are, how else would they target you for Tide and Clorox ads? Or the fact that you enjoy dairy maybe you should invest more in buying Dannon yogurt? Or your dishwasher would perform better with new and improved Cascade or some shit? For fucks sake, they NEED a perpetual revenue stream even after they sold you the damn thing.