
Customers now wary of security holes in connected devices, survey finds - walterbell
http://venturebeat.com/2016/01/04/mobile-device-sales-slow-customers-grow-wary-of-security-holes-in-connected-devices-survey-says/
======
CountSessine
With connected devices being deployed with complex software (Linux) and
hardware vendors who have no auto-deployment plan for security updates, I
think consumers _should_ be wary.

~~~
alistairSH
Completely agree, though I'd love to see the actual questions asked, as I
would be shocked if near 50% of consumers ranked security as a concern without
prompting.

Personally, my waning interest in IoT devices is due mostly to lack of
increased utility. A new fridge that displays my Google Calendar doesn't
really offer me much additional value, at the cost of adding another failure
mode to the device. Having had several newer appliances with failed touch-pads
or electronic modules, I'm loath to buy a device that has _even more_ fancy
electronics.

As for phones and tablets, I feel like I've reached the point where new
iterations don't offer much additional value. Roughly equivalent to how I felt
about PCs/laptops 7-8 years ago. Battery life isn't getting better (without
going large), screen resolutions are great, cameras are great, and the devices
are fast enough for the apps I use most (email, calendar, phone, camera,
Flickr, and Kindle).

~~~
ptaffs
they don't share the question asked, but the PDF has a little more: "Out of
the consumers aware of hacker attacks and owning or planning to own IoT
devices in the next five years, 18 percent decided to terminate the use of the
devices..."

[https://www.accenture.com/_acnmedia/PDF-3/Accenture-
Igniting...](https://www.accenture.com/_acnmedia/PDF-3/Accenture-Igniting-
Growth-in-Consumer-Technology.pdf)

Knowing the government actually snoops, and that hackers could also snoop will
take the triviality out of a non-compelling connected device.

~~~
pm24601
I wouldn't assume that most Americans know anything about the NSA snooping.
Last Week Tonight ( John Oliver ) did man-on-the-street interviews last year
to find out how many people knew about Edward Snowden. The number was
approaching zero.

I would take a bet that the NSA is just as well known.

------
finnn
Even if most people were aware of these things, marketers seem to have gotten
pretty good at convincing people that everything is totally secure, because
most people lack the technical knowledge required to even being to evaluate
their claims. "It's secure because we use ENCRYPTION!" would probably be good
enough for most.

~~~
CountSessine
I think frequency and ease of updates can serve as a reasonable proxy for
security. By that measure, for example, you should think long and hard before
you ever buy a Samsung device that markets itself as 'Smart'.

~~~
potatolicious
Agree, though pretty much every other player patches on par with, or worse
than, Samsung.

Realistically the standard is "is it made by Google, Apple, or Microsoft",
because pretty much everyone else is shite at it.

------
pm24601
Good. I never saw much benefit from IoT talking to the outside world. Device
to device in the house, sure.

Externally - nope.

------
jhulla
I do not trust random devices that plug into my home network. All connected
devices are on a 'guest' network and firewalled (openwrt) from my other
machines.

When I go to a cafe with my laptop, I run it in fully firewalled mode (no
incoming connections of anysort).

At home, I want my machines to be more promiscuous. With the promiscuity comes
various concerns. Whether it is my 1Password safe, my health and financial
records, whatever - I don't want some $30 connected device to connect to my
home network and publish a port to the outside world that permits tunneling
into my inside network.

Unfortunately, outside of sandboxing/firewalling, I do not have the time to
implement a tracking system to see what devices doing what.

Anyone else feel more safe with connected devices at home? What do you do?

~~~
newman314
Not really which is why I have not really gotten started with the whole IoT
thing. I plan to use vlans to segregate as well as iptables.

I'm not fond of the arcane nature of iptables and started researching only
enable unidirectional initiated traffic from my normal network to the isolated
IoT network (IoT gets access to internet) yesterday before giving up as it was
too late. Suggestions welcome.

------
hackuser
If the vendor is collecting every bit of personal data that they can get
rather than an unknown third party doing the same thing, is it a security
issue?

~~~
vitd
Absolutely. If big name stores, health insurers, and even banks can barely
keep their machines secure, then I have no faith that Random J. Company, Inc.
is going to keep their customer data secure.

~~~
hackuser
That's a good point. I meant something a little different (but wasn't 100%
clear): Why is Random J. Company's access to and use of the data any less of a
security breach than some unknown third party accessing and using the data?

Someone might say that user consent is a difference, but I doubt more than a
very few users understand the scale of data collection, much less the
implications.

