Thibaut Rouffineau
on 15 December 2016
Many developers and manufacturers of IoT connected devices will know that consumers are bad at updating the firmware on their connected devices, and that this fact is at the heart of many of the IoT’s security vulnerabilities. But what they might not know is just how bad.
Ubuntu recently surveyed 2000 consumers to better-understand their relationship with their connected devices. This survey revealed that, worryingly, only 31% of consumers that own connected devices perform updates as soon as they become available. A further 40% of consumers have never consciously performed updates on their devices. In other words consumers are leaving their devices open to exploits and hacks, from DDoS attacks to invasions of personal privacy or theft of personal data.
Consumers cannot (and should not) be expected to stay on top of every hack and critical software update; it’s simply not realistic. Nor do consumers particularly see this as their problem to solve. Of those polled, nearly two thirds felt that it was not their responsibility to keep firmware updated. 22% believed it was the job of software developers, while 18% consider it to be the responsibility of device manufacturers.
Register today for Ubuntu’s upcoming report on IoT security.
Canonical has taken the view for some time now that better automatic mechanisms to fix vulnerabilities remotely are needed as an essential step on the way to a secure IoT. We need to remove the burden of performing software updates from the user and we need to actively ban the dreaded ‘default password’, as Canonical has done with Ubuntu Core 16.
In January, Canonical will publish a new paper, ‘Taking charge of the IoT’s security vulnerabilities’, incorporating the full research findings and other exclusive industry stats. This paper will examine three key interconnected topics that, we hope, will ultimately help the industry with a blueprint to move forward:
- The main IoT security vulnerabilities and why they exist
- Current approaches to IoT security and why they aren’t working
- Ubuntu Core’s blueprint for better IoT security
It’s clear to us that too many of the solutions to IoT security proposed today involve either mitigating security issues after-the-fact, or living in a world where IoT security problems are the accepted norm. This should not and cannot be the case. It’s time for the industry and the regulators to do their bit step up to the plate.
To pre-register to receive a copy of the ‘Taking charge of the IoT’s security vulnerabilities’ report, please click here.