from the Mirai-IoT-Botnet dept.
Canonical, maker of Ubuntu Linux and its Internet of Things variant, has discovered the obvious – that people cannot be trusted to secure their connected devices.
Thibaut Rouffineau, evangelist for Ubuntu Core and the Internet of Things, admitted late last week that developers and IoT device makers know people seldom update the firmware of connected devices. But, he argues, they probably don't realize how bad the security situation has become.
The distro maker says it surveyed 2,000 folks about how they dealt with connected devices. It found that less than a third of respondents (31 per cent) installed updates as soon as they were available. Some 40 per cent never knowingly updated their devices.
"In other words, consumers are leaving their devices open to exploits and hacks, from DDoS attacks to invasions of personal privacy or theft of personal data," said Rouffineau.
Why such disinterest? According to Rouffineau, almost two thirds of respondents felt that keeping software updated – their security – was not their responsibility.
It's simple (Score:4, Insightful)
These appliances replaced things in most homes that did not require further maintenance before. People (rightfully) expect replacements to be a drop-in solution.
internet of THINGS (Score:5, Insightful)
I buy an appliance. Dishwasher, clotheswasher, refrigerator, thermostatic control - it's a THING. It has one purpose - to perform the task for which it was designed. Chill food, wash things, control my home temperature. The damned thing doesn't have a screen on it, from which I can browse the web. It doesn't display a calculator on which I can compute math. It's a dumb gadget. Unless I read the owner's manual, cover to cover, I'm probably not going to be aware that the stupid thing ever needs to be updated.
The failure here is not with the end user, the consumer. The failure is that idiots are selling products with built-in, totally unnecessary vulnerabilities.
Sell me a refrigerator, please. Do NOT sell me a "smart" refrigerator with which you can spy on me and my household.
Stand by for hilarity from the Trump House!
Re:internet of THINGS (Score:4, Insightful)
It becomes your problem once you connect it to your network.
IoT vs PVRs etc. (Score:2, Insightful)
To be honest I'm more concerned about the security of the shitty PVR and TV receiver boxes I get from my provider than I am about my Philips Hue lights and other automation swag.
Apparently they update themselves periodically, but they're still running some version of Windows CE.
Fortunately the Hue app lets me know when it's time to update, but I have no idea what changes are made on the PVR updates, or even when it happens (unless I'm watching at the time and it jacks up my shows).
Better routers... (Score:2)
Frankly, I'm not concerned about IoT devices ... so long as I had better router software.
Currently my router default has a single zone for all devices attached. Would be nice for the software to default to two zones: Trusted and nontrusted. Trusted devices get access to each other and shares on the network. Untrusted get a separate zone with access to other devices on that zone and internet only.
It would be nice for some way for a phone to be on the trusted network but the phone apps able to control the IoT devices.
Router updates would solve a big part of this.
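The two-zone layout proposed in the comment above, sketched as an nftables forwarding policy for a Linux-based router. This is an added example, not part of the original comment or any vendor's firmware; the interface names `br-trusted`, `br-iot` and `wan0` are assumptions standing in for the trusted bridge, the untrusted bridge and the uplink.

```nftables
# Added example: trusted/untrusted zones on a Linux router.
# Interface names are assumed; adjust to the actual bridges and uplink.
table inet zones {
    chain forward {
        # Anything not explicitly allowed between interfaces is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed to start may return.
        ct state established,related accept
        ct state invalid drop

        # Trusted devices reach each other and the internet.
        iifname "br-trusted" oifname "br-trusted" accept
        iifname "br-trusted" oifname "wan0" accept

        # A phone on the trusted zone may open connections to IoT devices,
        # so its apps can control them. The reverse direction has no rule,
        # so an IoT device cannot start a connection into the trusted zone.
        iifname "br-trusted" oifname "br-iot" accept

        # Untrusted devices reach each other and the internet only.
        iifname "br-iot" oifname "br-iot" accept
        iifname "br-iot" oifname "wan0" accept
    }
}
```

Traffic between two devices on the same bridge is normally switched at layer 2 and never reaches the forward hook, so the same-zone rules only matter when that traffic is routed.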
updates are risky, vendors aren't trustworthy (Score:2)
That we have to jailbreak our own property is bull. That there are reasons to want to jailbreak devices is more bull. The walls of the walled gardens are insidious.
For example, my "smart" TV is corporate controlled and restricted to the max. The TV can surf the Internet, but has been artificially limited to only a few major websites such as YouTube, Hulu, Netflix, Amazon Prime, and about a dozen others all related to corporate controlled video. Definitely no Pirate Bay. Then it has "features" such as not only not blocking ads on YouTube, it does not allow the user to skip the first several seconds of an ad. The TV manufacturer controls firmware updates. Thing is programmed to download and install updates automatically if you have it hooked up to the Internet.
For another example, I have a Netgear router/modem (model N450), which I recently learned I do not control. I own the thing, I do not rent it. The firmware can be updated, but guess what? The owner can't update the firmware, only the owner's ISP can do that. Can the owner simply prevent updates? No. Recently, the ISP I'm with merged with another. As part of this merger, they switched to the other ISP's firmware for my device, and this caused problems. Since that firmware update that I was not so much as informed happened, the thing has to be reset every few hours, or the WiFi drops out and packets get delayed longer and longer, making Internet telephony unusable. That was 2 months ago, and they have done nothing to fix the problem they caused, haven't even acknowledged that they screwed it up. You know how corporate bureaucracies are.
Secure our IoT gadgets? Haha, they aren't even really our property! For those few of us who want to be "responsible", we first have to pry them loose from corporate control. First secure them from the kind of negligence monopolistic behemoths are wont to practice. To update is to risk them slipping back into corporate control. Never know when an "update" will actually be further restrictions. Remember that Sony removed Linux support from their PlayStation 3 with an "update". Microsoft is another who has repeatedly abused the trust of their users in similar fashion. Remember how hard they made users work to stop Windows 7 and 8 from being forcefully updated to Windows 10.
I love these articles that blame us on the assumption that we actually control our own property.