Stories
Slash Boxes
Comments

SoylentNews is people

Why Don't People Secure Their IoT Gadgets? 'It's Not My Problem'

posted by mrpg on Thursday December 22 2016, @09:20AM   Printer-friendly
from the Mirai-IoT-Botnet dept.

Phoenix666 writes:

Canonical, maker of Ubuntu Linux and its Internet of Things variant, has discovered the obvious – that people cannot be trusted to secure their connected devices.

Thibaut Rouffineau, evangelist for Ubuntu Core and the Internet of Things, admitted late last week that developers and IoT device makers know people seldom update the firmware of connected devices. But, he argues, they probably don't realize how bad the security situation has become.

The distro maker says it surveyed 2,000 folks about how they dealt with connected devices. It found that less than a third of respondents (31 per cent) installed updates as soon as they were available. Some 40 per cent never knowingly updated their devices.

"In other words, consumers are leaving their devices open to exploits and hacks, from DDoS attacks to invasions of personal privacy or theft of personal data," said Rouffineau.

Why such disinterest? According to Rouffineau, almost two thirds of respondents felt that keeping software updated – their security – was not their responsibility.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Why Don't People Secure Their IoT Gadgets? 'It's Not My Problem' | Log In/Create an Account | Top | 51 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Thursday December 22 2016, @04:33PM

    by Anonymous Coward on Thursday December 22 2016, @04:33PM (#444758)

    Worse is that you have no idea if an update is patching a vulnerability or opening up some new spy/tracking functions...

    Welcome to the world of Android updates. Sure, there is a patch to fix the terrible vulnerability in the system or that app. But before you can get it, you now have to agree to let it snoop on your calls, location, and contact list.

  • (Score: 2) by tangomargarine on Thursday December 22 2016, @04:59PM

    by tangomargarine (667) on Thursday December 22 2016, @04:59PM (#444766)

    If you're lucky enough to get updates for your Android device that's more than a year old at all. Very lucky.

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"

    • (Score: 1) by Francis on Thursday December 22 2016, @06:01PM

      by Francis (5544) on Thursday December 22 2016, @06:01PM (#444782)

      That's why Google has been moving more and more Android functionality into the playstore.

      It's definitely not an appropriate solution, but it's far better than it used to be where 100% of the patching had to be done by the carrier who mostly wouldn't do any because they've got waivers for any responsibility on file.

      • (Score: 2) by butthurt on Thursday December 22 2016, @11:15PM

        by butthurt (6141) on Thursday December 22 2016, @11:15PM (#444868) Journal

        Hasn't Google been creating proprietary apps to supplant more and more Android functionality? Open-source apps are possible (witness F-Droid) but that's not what Google is doing:

        Google's update setup has the odd stipulation that easily updatable code must also be proprietary Google code. There's no reason Google can't use this "app-style distribution" to ship open source code just as easily [...]

        --
        http://arstechnica.com/gadgets/2016/11/android-extensions-could-be-googles-plan-to-make-android-updates-suck-less/ [arstechnica.com]

        Google's licencing arrangement for those apps provides that all of them must be included--one cannot pick and choose. It smells like anti-competitive bundling.