News

IT NEWS

End of line: supporting IoT in the home

Trouble is potentially brewing in Internet of Things (IoT) land, even if the consequences may still be a little way off. System updates and issues surrounding expiring certificates will pose problems for manufacturers and headaches for consumers.

System updates for fun and profit

One of the first mainstream collisions of putting updates out to pasture and angry device owners yelling “Why doesn’t this work anymore” was probably at the tail end of 2019 and involved streaming giant Netflix. If you have internet connected devices, then those devices will require updating. It may be a security issue, it could be a UI redesign, perhaps the code deep down in the guts between the backend and what you see in front of you has had a change cascading its way through how everything operates.

People realised this very quickly when Netflix started letting people know their TVs would no longer work quite how they had previously. This approach makes sense; there’s only so much you can do with older bits and pieces of hardware with regards the ever-present march of the new. At some point, it simply won’t be able to cut the mustard and then (best case scenario) you’re having to fall back on third party apps instead of official solutions. That could end up being a security risk all by itself.

Not so smart device?

White goods like fridges, freezers, and more general kitchen equipment around the home, are usually pretty expensive. Devices with IoT tech in them, even more so. You’re paying a premium for functionality you may not use that often. It’s likely some folks buy IoT devices for the home without even knowing they possess said capability. It’d certainly go some way to explaining why so many of these things are found online, unsecured, with no password (or a fixed password easily Googled).

Into this hot mess steps a number of expectations; primarily among them, how long you can expect the device to be supported.  We’re not talking about apps allowing you perform smaller tasks now, so much as we are raising expectations about core functionality. Namely: how long will manufacturers ensure our IoT device, all hooked up to the big wide web, keep ticking over. Not only in terms of “does it work”, but also “is it still secure?”

As always, the devil is in the details (or at least some additional information).

Mapping out the end times

Planned obsolesce is something that’s been around in tech circles for years. The basic idea is to keep making money by building in some form of limited shelf life into a device, in a way which makes you continually fork over some cash above  and beyond the original purchase…because  you’re now onto the next one…and the one after that…and the latest model does a handful of new things,  so you’d better buy that too…

You get the idea. Design cycles become shorter, new product releases are rushed out the door, potentially filled with bugs, leaving you to wonder if the new additions could’ve been included in the product you already own.

The addition of more new and intricate technology in white goods is arguably adding to the list of things which could break and/or go wrong over time. Reliance on the ever-shifting sands of the Internet also means things will simply go out of date a lot faster than if it were a plain old washing machine, tumble drier, or fridge.

It’s wise not to become too wrapped up in conspiracy theories on this subject; some caution is advised. By the same token, this is absolutely a thing that happens and major organisations have caught some heat for it.

Even so, we’re now at a point where IoT is firmly established in homes whether we like it or not. More of our devices are becoming internet connected; even if you purposely go out of your way to avoid it, chances are you’ll begrudgingly get stuck with it at some point. For most people in that situation, it tends to end up being a television set. However, the IoT sky is the limit and it could be pretty much anything, really.

Behold my impressive collection of legal documents

At this point, we’re at warranties and guarantees. These can differ greatly with regards to protection depending on where you live, but they are typically tied to laws relevant to your area. You’d think it’d be straightforward; in actual fact, it’s more along the lines of Cole Porter singing Anything Goes as he desperately tries to make sense of 600 pages of legalese.

More often than not, the extended warranty is what offers the most protection. It’s also the one which involves handing over more money, registering on the website, sending off a card, or just forgetting to do any of those previously mentioned then panicking when the toaster explodes.

With all new IoT tech inside your washing machine, you may well be more likely to want extra protection in the event of things going wrong. One slight annoyance, Cole Porter yells from behind his impressive correction of legal documents: will that fancy extended 7-year warranty outlive the IoT tech in your fridge?

Going back to the above article, it’s all a bit worryingly vague. When asked how long support can be expected, answers range from “issued as required,” to “up to ten years,” and at least one vendor who said “a maximum of two years,” with the not massively reassuring caveat that support is not limited to two years.

Glad we’ve cleared that one up, then. Thanks, Cole.

As per the “Which report?” advice, you may have to start asking manufacturers exactly how long IoT tech in a device will be supported versus the length your warranty runs for. Good luck.

Be certain with your certificates

SSL certificates help keep the web safe by firing up the old encryption cannon and ensuring everything you do is kept from prying eyes, be it regular browsing, online banking, gaming, or just streaming some TV shows. The problem is, lots of those certificates are due to expire in the next few years and all of those IoT devices in your home making use of them could be caught in the fallout.

Such a thing impacted users of Roku, who found an expiring certificate broke their service. More general warnings of certificate expiration peg the next big fallout sometime around the tail end of 2021. I, for one, am looking forward to the immense joy gleaned from being told by text that the SSL certificate on my fridge freezer has expired and I’ll have to fix it myself.

A televisual turning point

With all of the above becoming things for a harried shopper to consider, it’s worth remembering that the smart in some devices gives manufacturers additional valuable data on people buying their things. I hope you like adverts the moment you fire up your TV, or the big box in your front room watching pretty much everything you do related to it.

It’s in their interest to push digital into as many devices as possible, and claims from manufacturers already exist that stripping the previously not included smart tech from devices, would make said devices more expensive. Put simply: it isn’t going away anytime soon.

Warranties which may not warranty, certificates which might fail to certify, lifespans which don’t match the length of cover promised, and data harvested from advertisements to try and upsell more smart tech. That’s the current lie of the land when you next go out to replace that 5 year old fridge in need of patching up.

Should you figure it out, please let us know – I think we’d all appreciate the helping hand.

The post End of line: supporting IoT in the home appeared first on Malwarebytes Labs.