π

Don't Buy and Run Cloud-Connected Devices That Are Un-Patchable

Show Sidebar

If you buy cloud connected devices like surveillance cameras, health-equipment like scales, unfornately any wifi routers with insecure default firmware, basically all internet-connected device which are not going to patched automatically, you are destroying our Internet. Bad news. No joke.

Deutsche Version

Patchable means that the device receives security updates in a secure way so that known issues will be fixed by the manufacturer. This needs an implemented update system and a manufacturer willing to patch already rolled out devices. The combination of both currently almost never happens in combination. Therefore, the so called Internet of Things (IoT) is going to get us into severe troubles.

Unpatchable cloud devices are part of the malicious network which regularly takes down large parts of the Internet. Yes, this is already happening. With the help of your cloud-connected devices. And it's getting worse each time. With more and more insecure cloud devices, our whole Internet infrastructure will stop working for a couple of days a year in future.

Think of it a couple of Minutes. Take your time.

Not only you are going to loose your Netflix. Meanwhile, very important public services are depending on a working Internet. Unfortunately, even our power system, traffic infrastructure, water delivery, health system, and such get really severe issues when the Internet is down for a while. Even riots and civil war situations are most likely within just a few days. And we are heading towards those situations with more or less open eyes and with high speed. And consumers owning those malicious devices are not aware of it. Not at all.

So what to do about it?

First, tell people about this. We need to get a more secure Internet by telling people that they should not blindly trust companies selling stuff.

Second, develop a habit to be skeptic. Especially, be skeptic when companies offer you services that are free to use.

Third, re-think your opinion on the importance of your privacy. Privacy-aware people are no longer unwordly weirdos. Not since at least the Snowden documents. There is no definition of paranoid left, which is not outperformed by proven reality. This war is already lost.

Fourth, to cope with this issue in a sustainable way, politics has to pass bills that demand responsibility from manufacturers. When a company is selling devices which causes harm to the world, this very same comany has to take responsibility. This is the only way to make sure that companies are investing effort in secure devices at customers side. You have a voice, you have a vote. Use it wisely. At polls and by choosing the right products.

Fifth, please don't buy devices that offer any kind of direct Internet connection (WiFi or LAN-based) when you really don't need it. Even when you already sold your soul to the cloud, refrain from doing so if it is not really necessary.

Why is my vacuum cleaner uploading 25MB of data? Who am I DDOSing?
This sucks. pic.twitter.com/rXrwx0lhsj
— Jonathan Wight (@schwa) October 25, 2016 (Original tweet was taken offline meanwhile)

Sixth, consult an independent geek to help you if you need help.

For example when buying a WiFi router, any geek is able to select a model which can be quickly flashed with an alternative firmware that offers a much higher level on security than any out-of-the-box firmware. As a side-effect, those devices usually are working for a longer period of time so you save money as well.

Make sure that security patches are installed automatically on all of your devices. If not possible, create a recurring reminder (months to at least yearly) that you or your geek of choice is checking all those devices for manual updates.

If you have to buy a cloud-connected device whose cloud-connection is not necessary for its main usage, please don't let it contact the public internet. You should run an Internet router at home which allows for blocking Internet access for a set of given devices.

Manufacturers are not doing their job of protecting your privacy or the security of their products. This is proven to be the case. Therefore, treat your personal geek with respect and treat him/her well. You are going to really need him/her in future. Badly.

Good Night, and Good Luck.


Related articles that link to this one:

Comment via email (persistent) or via Disqus (ephemeral) comments below: