
SoylentNews is people

posted by mrpg on Thursday December 22 2016, @09:20AM
from the Mirai-IoT-Botnet dept.

Canonical, maker of Ubuntu Linux and its Internet of Things variant, has discovered the obvious – that people cannot be trusted to secure their connected devices.

Thibaut Rouffineau, evangelist for Ubuntu Core and the Internet of Things, admitted late last week that developers and IoT device makers know people seldom update the firmware of connected devices. But, he argues, they probably don't realize how bad the security situation has become.

The distro maker says it surveyed 2,000 folks about how they dealt with connected devices. It found that less than a third of respondents (31 per cent) installed updates as soon as they were available. Some 40 per cent never knowingly updated their devices.

"In other words, consumers are leaving their devices open to exploits and hacks, from DDoS attacks to invasions of personal privacy or theft of personal data," said Rouffineau.

Why such disinterest? According to Rouffineau, almost two thirds of respondents felt that keeping software updated – their security – was not their responsibility.


  • (Score: 5, Insightful) by DannyB on Thursday December 22 2016, @04:33PM


    I suggest that the fix is to place financial liability for damages caused upon the manufacturer of the product that participated in a DDOS botnet causing damages.

    Think about it.

    When I buy a toaster, I don't expect it to burn my house down. There are even labs that test products for such safety so those products can earn a certification that either increases the consumer's trust, or meets some regulatory requirement.

    Similarly when I buy a printer, or a webcam, or a Telescreen (Smart TV with built in webcam and mic), I don't expect it to get hacked and participate in a DDOS botnet.

    If the manufacturer is incapable of making it secure, then don't put a computer in it. Or if it has a computer, don't connect it to the net.

    The manufacturer would have to spend more on making products as secure as possible. No more sloppy practices. Back doors. Default admin passwords. Etc. They would need to be as sure as they can possibly be that their product is unlikely to get hacked. This will increase the cost of smart products. But this is a good thing because it removes the cost from the increasing numbers of victims of the attacks. The cost of the security is probably also smaller than the cost of not having it will be in the long run.

    It will probably become an industry cooperative effort. When companies aren't looking to cut as many corners as possible, but instead are looking to be as secure as possible, they will probably work together towards better security, which will help all of them be better at it.

    Just to head this off: I'm not proposing some form of government regulation, other than placing the liability for damages caused on the manufacturer. No government technical standard, or testing labs.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
  • (Score: 2) by sjames on Saturday December 24 2016, @06:51PM


    It'll take more than that. To get people to actually let the updates happen, we'll have to actually make corporations pay when they sneak a new limitation in with the update or where they break existing functionality in any way. Feature removal must equal a big fat refund. Not a coupon for a free stick of gum with your next $1000 purchase, an actual full refund. People bought the thing based on the features of the product. If it no longer has them, why shouldn't they have their money back?