Many developers and manufacturers of IoT connected devices will know that consumers are bad at updating the firmware on their connected devices, and that this fact is at the heart of many of the IoT’s security vulnerabilities. But what they might not know is just how bad.
Ubuntu recently surveyed 2000 consumers to better understand their relationship with their connected devices. This survey revealed that, worryingly, only 31% of consumers that own connected devices perform updates as soon as they become available. A further 40% of consumers have never consciously performed updates on their devices. In other words, consumers are leaving their devices open to exploits and hacks, from DDoS attacks to invasions of personal privacy or theft of personal data.
Consumers cannot (and should not) be expected to stay on top of every hack and critical software update; it’s simply not realistic. Nor do consumers particularly see this as their problem to solve. Of those polled, nearly two thirds felt that it was not their responsibility to keep firmware updated. 22% believed it was the job of software developers, while 18% considered it to be the responsibility of device manufacturers.
Canonical has taken the view for some time now that better automatic mechanisms to fix vulnerabilities remotely are needed as an essential step on the way to a secure IoT. We need to remove the burden of performing software updates from the user and we need to actively ban the dreaded ‘default password’, as Canonical has done with Ubuntu Core 16.
In January, Canonical will publish a new paper, ‘Taking charge of the IoT’s security vulnerabilities’, incorporating the full research findings and other exclusive industry stats. This paper will examine three key interconnected topics that, we hope, will ultimately help the industry with a blueprint to move forward:
It’s clear to us that too many of the solutions to IoT security proposed today involve either mitigating security issues after the fact, or living in a world where IoT security problems are the accepted norm. This should not and cannot be the case. It’s time for the industry and the regulators to do their bit and step up to the plate.
To pre-register to receive a copy of the ‘Taking charge of the IoT’s security vulnerabilities’ report, please click here.