The U.S. Federal Trade Commission has announced a “prize competition” for creating a software or hardware-based solution with the ability to auto-patch vulnerable Internet of Things (IoT) devices.
Today we are surrounded by a number of Internet-connected devices. Our homes are filled with tiny computers embedded in everything from security cameras, TVs and refrigerators to thermostat and door locks.
While IoT is going to improve life for many, the number of security risks due to lack of stringent security measures and encryption mechanisms in the devices have increased exponentially, giving attackers a large number of entry points to affect you in some or the other way.
Remember Mirai Botnet?
Later, the Chinese firm rolled out patches for security vulnerabilities found in its IoT products, but due to hard-coded passwords and the fact that their makers implemented the devices in a way that they cannot easily be updated, the firm recalled some of its products.
The manufacturers sell IoT devices with no mechanism in place for automated patch updates and therefore, effective patch deployment is a big problem for IoT devices.
This leaves their consumers with unsupported or vulnerable internet-connected devices shortly after purchase. A huge number of devices rely on weak and simple password 1234, hardcoded password, backdoors, insecure protocols.
The FTC is looking for a tool that could be used to perform automatic software updates for Internet-connected devices and up-to-date physical devices as well; wherein some will automatically update while others require users to adjust one or more settings.
The winning tool could be a physical device, an app or a cloud-based service that, at a minimum, will “help protect consumers from security vulnerabilities caused by out-of-date software,” said the FTC.
The FTC will announce the winners in July. This new announcement is scheduled to be publishedWednesday in the Federal Register.
Referenced and Published By The Hackers News (THN)