SoylentNews is people

posted by mrpg on Thursday December 22 2016, @09:20AM
from the Mirai-IoT-Botnet dept.

Canonical, maker of Ubuntu Linux and its Internet of Things variant, has discovered the obvious – that people cannot be trusted to secure their connected devices.

Thibaut Rouffineau, evangelist for Ubuntu Core and the Internet of Things, admitted late last week that developers and IoT device makers know people seldom update the firmware of connected devices. But, he argues, they probably don't realize how bad the security situation has become.

The distro maker says it surveyed 2,000 folks about how they dealt with connected devices. It found that less than a third of respondents (31 per cent) installed updates as soon as they were available. Some 40 per cent never knowingly updated their devices.

"In other words, consumers are leaving their devices open to exploits and hacks, from DDoS attacks to invasions of personal privacy or theft of personal data," said Rouffineau.

Why such disinterest? According to Rouffineau, almost two thirds of respondents felt that keeping software updated – their security – was not their responsibility.


  • (Score: 3, Insightful) by Snotnose on Thursday December 22 2016, @02:14PM

    My understanding is a lot of the problems are "secret" logins that the consumer doesn't even know about. The other issue is default passwords that can't be changed.

    I'll buy an IoT device when I'm satisfied they have their secure act together. I'll probably die first.

    --
    When the dust settled America realized it was saved by a porn star.
  • (Score: 4, Interesting) by Immerman on Thursday December 22 2016, @03:05PM

    And for that class of vulnerability it seems like something that would be so easy to make virtually iron-clad. Most such devices rarely need to be reconfigured, so just require pushing a physical button on the device to permit logins.

    Heck, most probably already have a "hold to reset" button to debork a bad configuration, so it should be relatively easy to just add an idiot-friendly multistage login that pops up a message saying "Please tap the reset button (Briefly!) within 1 minute to finish logging in". You could even add a nice photo of the device showing exactly where the button is located for convenience.

    For maximum flexibility, make it something that can be disabled with a setting somewhere that only people who know what they are doing are ever likely to mess with.
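
The button-confirmed login described in the comment above, sketched as a small state machine. This is an added example, not part of the comment or any vendor's firmware; the class name, the 1-second tap and 5-second reset-hold thresholds, and the injected `now` timestamps are assumptions.

```python
import hmac
from dataclasses import dataclass
from enum import Enum

CONFIRM_WINDOW_S = 60.0  # "within 1 minute" from the comment
MAX_TAP_S = 1.0          # assumed: anything longer is not a "brief" tap
RESET_HOLD_S = 5.0       # assumed threshold for the existing hold-to-reset

class State(Enum):
    IDLE = "idle"
    AWAITING_TAP = "awaiting_tap"
    LOGGED_IN = "logged_in"

@dataclass
class PresenceGatedLogin:  # hypothetical name
    password: str
    require_button: bool = True  # the opt-out setting from the comment
    state: State = State.IDLE
    deadline: float = 0.0

    def submit_password(self, candidate: str, now: float) -> State:
        # Constant-time compare; a wrong password never opens a tap window.
        if not hmac.compare_digest(candidate.encode(), self.password.encode()):
            self.state = State.IDLE
        elif not self.require_button:
            self.state = State.LOGGED_IN
        else:
            # Correct password alone is not enough: wait for a local tap.
            self.state, self.deadline = State.AWAITING_TAP, now + CONFIRM_WINDOW_S
        return self.state

    def button_released(self, held_s: float, now: float) -> str:
        """Called by the button driver with how long the button was held."""
        if held_s >= RESET_HOLD_S:
            self.state = State.IDLE  # long hold keeps its reset meaning
            return "factory_reset"
        if self.state is State.AWAITING_TAP and now > self.deadline:
            self.state = State.IDLE  # window expired: password must be re-entered
            return "ignored"
        if self.state is State.AWAITING_TAP and held_s <= MAX_TAP_S:
            self.state = State.LOGGED_IN
            return "login_confirmed"
        return "ignored"  # taps before a valid password do not pre-authorise
```

With the gate enabled, a remote party holding a default or leaked password stops at `AWAITING_TAP` and the session lapses after the window unless someone physically at the device taps the button.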