Users risk security issues by not updating connected IoT devices

Users risk security issues by not updating connected IoT devices

Security the top concern for IoT developers
Security the top concern for IoT developers

Ubuntu warns developers that barely a third of users update firmware on connected devices, leaving them at risk of security breaches.

Less than a third of users (31 percent) update their connected devices as soon as updates become available, according to a new survey from Ubuntu.

The Linux operating system company said that in a survey of over 2000 consumers, a further 40 percent of consumers have never consciously performed updates on their devices. The firm added that consumers are leaving their devices open to exploits and hacks, from DDoS attacks to invasions of personal privacy or theft of personal data.

Of those polled, nearly two-thirds felt that it was not their responsibility to keep firmware updated. 22 percent believed it was the job of software developers, while 18 percent considered it to be the responsibility of device manufacturers.

“Consumers cannot (and should not) be expected to stay on top of every hack and critical software update; it’s simply not realistic. Nor do consumers particularly see this as their problem to solve,” said Thibaut Rouffineau, head of devices at Ubuntu.

He said that better automatic mechanisms to fix vulnerabilities remotely are needed as an essential step on the way to a secure IoT. “We need to remove the burden of performing software updates from the user and we need to actively ban the dreaded ‘default password’,” he added.

“It’s clear to us that too many of the solutions to IoT security proposed today involve either mitigating security issues after-the-fact, or living in a world where IoT security problems are the accepted norm. This should not and cannot be the case. It’s time for the industry and the regulators to do their bit and step up to the plate,” said Rouffineau.

Related: Sony IP cameras ‘have backdoor accounts’, say cyber researchers

Hackers pose security threat

Keiron Shepherd, senior security specialist at F5 Networks, told Internet of Business that as consumer devices become increasingly exploited by hackers, responsibility for cyber security must be spread across several stakeholders.

“With the everyday user looking for seamless, hassle-free products and experiences, they should be empowered with responsibility for their own security. To do this, manufacturers of smart products must provide consumers with simple, intuitive security management methods based on secure infrastructure. With hackers’ tactics evolving constantly, manufacturers must make security a priority as we enter a festive season already associated with cyber crime and fraud,” he said.

Karl Sigler, Threat Intelligence Manager at Trustwave, told Internet of Business that the majority of freshly unboxed IoT devices are a hacker’s dream, set with the weakest possible generic login credentials, and with no prompt for users to change things.

“This is made worse by the fact most IoT devices are not easy for end-users to manage, as they usually lack a display screen or keyboard. Combine this with the fact that they are often designed to be ready to use immediately, and the need to plug them into computer to change settings tends to be forgotten.”

Related: US government issues IoT cybersecurity guidelines