Internet of Things will need extensive support lifecycles

Is it a refrigerator that also takes part in DDoS attacks, or a DDoS machine that also keeps food cool? Such is the question posed by Chris Duckett in a ZDNet article regarding the security maintenance for Internet of Things (IoT) devices. In the past, we set up toasters, TVs, washing machines, and refrigerators, then never worried about them again. This will no longer be the case with IoT-enabled devices, warns Duckett. Companies will have to continue issuing security updates to their IoT devices for years on end, lest they put consumers at risk of hacking and malware.

The problem is that companies seem loathe to commit to keeping their devices secure—even their smartphones. As a case-in-point, in mid-2016, Lenovo announced that keeping up with security updates for its Moto Z and G4 phones was "difficult", and so would not commit to releasing monthly updates. The problem is that—like an instance of Internet Explorer that's 10 years behind on updates—this will eventually leave the device wide-open to security vulnerabilities. This is triply so for IoT "smart" devices, which will be set up once and forgotten. If the companies that are happy enough to slap Android into a refrigerator aren't also happy enough to continue supporting it with a decade of pushed updates after it hits the market, we will be facing a security nightmare.

Source(s)