The risks of Smart Devices
As I have reported before, retailers don’t really care whether the smart devices that you buy are secure. Home Depot is one of those vendors and when asked about dumb smart devices, they said: “We require all vendors to follow applicable laws, regulations, and industry standards”. Of course, there are virtually no laws, regulations or even standards when it comes to smart device security or privacy, so that is a pretty low bar.
Other vendors such as Amazon, Walmart and Best Buy kept their mouths shut when asked about the security of the products that they sell.
It’s not hard to find vulnerabilities in devices where cost is the main driving concern. A student found design flaws in the devices of 11 manufacturers. If a college kid can find these vulnerabilities, you would think that major corporations could. But the reality is that consumers don’t care about security; they care about features.
Except when their camera vendor (ADT) is discovered to be spying on them (the ex-employee is now in jail).
What this means is that you are left on your own to figure out whether it is safe to buy a particular device. Here are some things you should consider before you buy:
- How long will the manufacturer support this device with technical support and patches? Typically, this time is based on some number of months from when it was released initially, not from when you buy it. If you plan to keep it longer than that period, you are on your own.
- Does the manufacturer regularly release feature updates and patches? If the last time they did so was 2013, find a different device.
- Does the device automatically install patches or automatically tell you that patches are available? Auto install is definitely preferred.
- How important is security for this purchase? If this is a smart door lock and you would prefer that crooks can’t stand on your front doorstep and unlock your door when you are not home, make sure that the vendor checks all the boxes. On the other hand, if it is a kitchen blender, you might not care. In fact, you might not connect it to the Internet at all.
These are just some thoughts. Remember that the ball is in your court and neither the law, the manufacturer nor the store cares. I’m not bashing them, just telling you what the deal is.
In fact, there is typically a document that comes with these devices that says that they disavow any responsibility, to the maximum extent allowed by law, for whether the device is appropriate for whatever purpose you intend to use it for.
Credit: Refirm Labs