back to article Updating Things: IETF bods suggest standard

A trio of ARM engineers have devoted some of their free time* to working up an architecture to address the problem of delivering software updates to internet-connected things. Repeated IoT breaches – whether it's cameras, light bulbs, toys or various kinds of sex toys – have made it painfully clear that too many Things aren't …

  1. cbars Bronze badge

    Seems sensible

    Unfortunately I don't think the problem is caused by a lack of technical standards for deploying security fixes, it's caused by the fact that the functionality provided by IoT devices - to the manufacturers - is simply a means to an end. Once they have the money, it's time to come up with another round of functionality to get more money, and charging for firmware updates will always bring in less money than charging for a new physical device so it becomes 'unsupported'.

    This means we need legislation to say that if a security vulnerability affects X number of consumers in a market with a severity Y, a firmware update must be produced and the manufacturer can charge up to Z% of the original purchase price to supply it (for devices which are a certain number of years old - otherwise it must be free). Trying to get a politician to come up with anything so detailed would require expert involvement, unfortunately my definition of an expert, and a politicians definition is likely to differ by a non trivial margin.

    Still, good job on the draft :)

    1. Doctor Syntax Silver badge

      Re: Seems sensible

      How about a standard that mandates that a device will stop working 12 months after deployment or the last update whichever comes later? On the face of it IoT vendors will love it and fall over themselves ti implement it: built-in obsolescence. Then hit them with merchantable quality cases when they don't distribute upgrades.

      1. cbars Bronze badge

        Re: Seems sensible

        I've upvoted you, as I agree that products should be 'fit for purpose', but the idea that a device must stop working even if not provably non-functional is not one I relish. If I want a TV which is only used in conjunction with some other device and is never connected to the internet, then I don't want it to randomly fail because the number of clock cycles has gone past some arbitrary limit (of course most implementations would only trigger failure via an internet connection, but still). For example my local pub has a TV used solely to display the CCTV image from the end of a skittle alley, it's been there for a decade.

        I'd prefer that if there was a kill switch, it only killed the 'smart' stuff. I could then activate that as soon as I unbox the thing!

    2. Roland6 Silver badge

      Re: Seems sensible

      >(for devices which are a certain number of years old - otherwise it must be free).

      Treat IoT devices like white goods and software, hence: 10 years of free security fixes, from the date of last sale.

      Thus if a vendor has a product in their 2017 catalogue that was introduced in 2012, then if they withdrew the product in 2018 (so not listed in the 2018 catalogue) they would have to provide free fixes until 1-Jan-2028.

      Obviously, we introduce grades: consumer products 10 years (aka white goods), industrial products (20 years) etc.

      The trouble is that business won't like this as it would mean they would have to factor n-years of support into the price of their product rather than sell cheap and hope the product outlasts the consumer guaranee/warranty period.

      1. dajames

        Re: Seems sensible

        The trouble is that business won't like this as it would mean they would have to factor n-years of support into the price of their product rather than sell cheap and hope the product outlasts the consumer guaranee/warranty period.

        Good.

        Eliminate the cheap shit from the market and you push up the entry-level price to the point at which manufacturers can afford to build a properly thought-out, easy to maintain, product that is worth supporting for ten years. Most of the sillier IoT devices will just not be made because nobody would buy them at those prices -- but that's no loss to consumers, only to companies trying to make a fast buck out of cheap IoT Shit.

  2. Christian Berger

    We need to move past updates

    If a manufacturer ships a dangerously defective product, allowing them to send out an update is already a big step towards them. Normally that manufacturer/importer/dealer would be forced into a product recall.

    We need to simplify devices again. Why does a webcam have an always running web based configuration interface? Wouldn't it be much simpler if that interface would only run within the first 10 minutes after powerup, and then configuration changes would be done by regularly downloading a configuration file via HTTPs?

    Why do we have TR069? I mean I can understand the need for remotely managing devices... buy why TR069, wouldn't a simple protocol be able to do everything just as well?

    1. Martin Gregorie

      Re: We need to move past updates

      A Web interface is needed because average consumer wants to control it from a smartphone but can't be arsed to login over SSH (or install SSH on the phone) and IOS maker doesn't want to pay for a complex control app or fpor programmers who could make that secure.

      TR069 because simple interfaces (unless SSH) tend to be insecure and/or require the owning drongo to not only know there's an update available, but to trigger the update.

      "No one in this world has ever lost money by underestimating the intelligence of the great masses of the plain people." - H L Mencken

  3. Anonymous Coward
    Anonymous Coward

    I'm torn

    Yes, there needs to be a way for insecure IoT devices to get patched. On the other hand, if they are patching themselves without your knowledge, all it takes is one bad patch to brick them and they become useless.

    I'm sure manufacturers wouldn't have any incentive to "accidentally" drop a bad patch on every device in the field a few years after sale, just coincidentally after they've introduced a new product line.

    1. Christian Berger

      Not really much of a problem

      If you have auto updates you can disable, but enabled by default, I don't see much problem.

      After all, unlike software companies, hardware companies do have some liability. If you have a long out of warranty device which burns down your house because of a manufacturing defect, the manufacturer/vendor/importer is responsible for it. Those "accidental" bad patches should be easy enough to be traced back to the manufacturer.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like