How to make home IoT more secure: Assume the worst

0 Posted by - 23rd November 2016 - Technology

Sometimes the truth hurts but you just have to face it. The internet advisory group BITAG lays it on the line for the IoT industry in a new report: No, consumers aren’t going to update the software on their devices.

“It is safe to assume that most end users will never take action on their own to update software,” the Broadband Internet Technology Advisory Group said. Its recommendation: Build in mechanisms for automatic, secure updates.

That bit of human nature is just one of the harsh realities BITAG acknowledges in the report, which came out on Tuesday. It also points out that some consumer IoT devices ship with weak built-in usernames and passwords like “admin” and “password,” can’t do authentication or encryption, or can easily be taken over by malware that turns them into bots.

The latter fact became glaringly obvious earlier this year when Mirai botnets wreaked havoc with the internet thanks to vulnerable security cameras and other devices. But BITAG was on the case months before that, launching the research for Tuesday’s report in June.

BITAG has several pieces of advice for vendors of home IoT software and hardware. Given that the organization includes representatives from companies such as Cisco Systems, Google, AT&T and Comcast, those tips might find their way into future products and services.

The most basic one is that IoT vendors should assume that, eventually, whatever they build will have bugs and vulnerabilities. That’s why they need automatic over-the-air update tools that don’t force users to do anything — even to opt in, BITAG said.

http://www.cio.com.au/article/610589/how-make-home-iot-more-secure-assume-worst/?utm_medium=rss&utm_source=taxonomyfeed via http://www.cio.com.au/tax/news/ #CIO, #Technology