Stories
Slash Boxes
Comments

SoylentNews is people

Why Don't People Secure Their IoT Gadgets? 'It's Not My Problem'

posted by mrpg on Thursday December 22 2016, @09:20AM   Printer-friendly
from the Mirai-IoT-Botnet dept.

Phoenix666 writes:

Canonical, maker of Ubuntu Linux and its Internet of Things variant, has discovered the obvious – that people cannot be trusted to secure their connected devices.

Thibaut Rouffineau, evangelist for Ubuntu Core and the Internet of Things, admitted late last week that developers and IoT device makers know people seldom update the firmware of connected devices. But, he argues, they probably don't realize how bad the security situation has become.

The distro maker says it surveyed 2,000 folks about how they dealt with connected devices. It found that less than a third of respondents (31 per cent) installed updates as soon as they were available. Some 40 per cent never knowingly updated their devices.

"In other words, consumers are leaving their devices open to exploits and hacks, from DDoS attacks to invasions of personal privacy or theft of personal data," said Rouffineau.

Why such disinterest? According to Rouffineau, almost two thirds of respondents felt that keeping software updated – their security – was not their responsibility.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Why Don't People Secure Their IoT Gadgets? 'It's Not My Problem' | Log In/Create an Account | Top | 51 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Insightful) by Anonymous Coward on Thursday December 22 2016, @06:07PM

    by Anonymous Coward on Thursday December 22 2016, @06:07PM (#444785)

    It *is* your problem. However, lets say you actually *WANT* to update the thing.

    Take for example my TV. 2011 state of the art neato LED 55 inch TV. Still works very nicely. 0 firmware updates in the past 4 years after 3 right when I first bought it. Despite the number of known high profile root exploits that have come out for linux. Oh did I mention that? The thing has a ssh port, some sort of web server, and a proprietary command port, all open. It is running a 2010 busybox distro under the covers. There are no updates for that TV and there never will be. Then for icing on the cake. The thing reports back to the manufacture every time I push any button on the thing.

    Then lets say for the sake of argument it DOES get some sort of malware/virus on it. How do I get rid of it? Will a firmware reinstall work? Can I actually get one? What if the malware borked the GUI/command to get at it? No company is going to RMA a 6 year old TV.

    We can continue to pretend that manufactures actual give a damn and make these magical patches. Is there a built in update system? Does it work 100% of the time. Do I as an end user have any control over it or will it just update randomly (like my ps3/ps4) right when I want to use it. If I do have any control does it nag me all the time? If it does not how do I as an end user find out about the new patches?

    I did the only sane thing. I unplugged it from my network.

    Starting Score:    0  points
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Total Score:   1