Nowadays, many of us own a so-called IoT (Internet of Things) device in our homes. For example, if you own an Amazon Echo connected to a smart plug (which my household has), you have at least two separate IoT devices working together. It seems that the popularity of IoT will keep expanding for years to come as the demand of such smart devices increases and become much cheaper to own (although I have to say a smart fridge is a still a stupid idea).
Unfortunately, IoT devices often come shipped with a significant flaw: security – or the lack thereof. Since these devices require some kind of Internet connectivity, the hardware and firmware for such devices tend to be rudimentary at best, just enough to get it connected to an access point without regard to basic security practices. The underlying software, or operating system, is often in an unpatched state and likely to never get further security updates as a standard Windows, macOS, or Linux PC would. These vulnerabilities were the basis for the Mirai botnet spread across various networks across the world. As IoT becomes the norm in many – or most – households in the developed world, then it becomes immensely imperative that the security built into these devices are up-to-date and can be easily kept up-to-date – easier said than done, of course.
Poor implementation of a shipped IoT product is described by one as an ugly baby. Perhaps. I would say the ugly is about to get uglier should vendors fail to do what’s responsible in an age where security is paramount.