Re: How are these devices accessed from the internet though?
That's the million dollar question. Answers on a post card please.
The problem as I see it is:
1. Bad marketing ideas - Web enabled printing; The IoT fridge (or IoT anything for that matter, they are just devices); the remotely controllable CCTV devices.
2. Marketing companies keeping up with the other vendors who "already have a product" so their engineers can do it, why can't we?
3. Users are completely clueless when it comes to anything with technology, other than showing off with "look what I just got" type statements.
4. The lack of any standards or accountability for any of the cruft that people chuck into the market. Who suffered the most following last week's issue - Dyn customers / unrelated companies, or the vendors who made the vulnerable junk??
5. We can't even get electrically safe chargers that don't electrocute people or batteries that don't catch fire when being charged, so what hope is there of more complex things like entire computers with changing hardware components and stacks of protocols that make up their inner workings.
6. Corporate greed. Companies want our cash and dangle shiny stuff in front of us for unbelievably low prices.
7. User stupidity - people look at the previous point and reason along the lines of "Well, they are selling it, so it MUST be OK since SOMEONE must be making sure they stick to the standards, right?"
8. The race to make the next big thing. (company : 1. Make Device, 2 ..... 3. Profit !!)
9. Doing it properly costs in terms of time and makes the products more expensive, hence they do not compete with the tat vendors in the same market place, hence they cut corners until it's the absolutely cheapest they can get it to.
To fix the problems, I think that we need:
1. Mandatory standards, a bit like we have for cars (Scratch that, Dieselgate, didn't work), er, Electronic safety like CE approval (Conformité Européenne) (Scratch that, China Export made a mockery of that). We still need standards, but they need teeth and those who bend the rules or ignore them need to be held accountable.
2. Vendors need to be accountable for their products for a long period, e.g. 5-10 years, so it costs them in terms of recalls, replacements and penalties. It needs to be cheaper for them to do it right, not do it cheap and nasty. The car market is a good example of this, but it needs to apply to other devices too.
3. Customers need to be selective on what they buy - buy good things, not random junk.
4. Customers need to be able to easily see what's going out of their house and turn off things that they don't want. WiFi on my fridge - nope. CCTV remote access - Nope. Win 10 slurp, etc.
5. Anyone, without impunity have a crack at any device, since it should be secure. If they find a vulnerability, they need a way of registering these to a world-wide entity with teeth. The manufacturer has to pay the person who found the vulnerability an amount based on the severity and number of units sold. The manufacturer has to resolve the issue and make it available to customers for free. This makes a market from securing devices and makes manufacturers accountable for compliance with security and standards. Obviously things like the DMCA that make it illegal to reverse engineer something would need a clean up, but that's a small detail, since bad guys ignore it already. This also makes it more likely that the gifted people who can find their way into devices make money legally from it.