'Zombie Devices' Raise Cybersecurity Alarm as Consumers Ignore Smart Tech Expiry Dates
A survey of 2,130 Americans has revealed widespread vulnerability to cyber attacks through unsupported smart devices, with 43% unaware their devices might lose software support. The security threat was underscored in December 2023 when U.S. authorities disrupted a Chinese state-sponsored botnet targeting home routers and cameras that had stopped receiving security updates. Cloudflare separately reported a record-breaking DDoS attack in late 2023, primarily originating from compromised smart TVs and set-top boxes.
The survey, conducted by Consumer Reports, found that only 39% of consumers learned about lost software support from manufacturers, with most discovering issues when devices stopped working (40%) or through media reports (15%). Most consumers expect their smart devices to retain functionality after losing software support, particularly for large appliances (70%). However, Consumer Reports' research found only 14% of 21 smart appliance brands specify support timeframes, while an FTC study of 184 devices showed just 11% disclose support duration.
Easy fix (Score:5, Insightful)
STOP HAVING EVERY DAMN THING NEED INTERNET ACCESS.
For fuck's sake, let's have a standard where all your devices use non-routing protocols and have to connect to a local server before a connection to the world can be established.
Now you have only one central device to keep updated, and 90% of its job is, from the very beginning, to keep those other devices isolated and protected.
Re: (Score:2)
I feel like there needs to be some regulation here for national security purposes... If you release a smart device (probably need to define what that is) you are required to support it for X amount of time, with a SLA on how fast those updates come in, and intentionally brick it once you have stopped performing updates.
This would encourage smarter choices like not exposing devices to Wifi and using things like Zigbee instead. Or maybe some sort of advertising protocol that routers would automatically harden
The core fallacy (Score:4, Interesting)
There are no such things as "smart" devices.
Only gullible consumers.
Forever (Score:5, Insightful)
In days of old, if I bought a fridge or a TV or a dishwasher I expected it to work until it broke down and the cost of repair exceeded the cost of replacement.
As a consumer, why should my expectation be any different now?
As a computer guy I understand about software vulnerabilities... which is why my (85 inch, expensive) TV set and fancy receiver are not connected to any network and all streaming is performed by a cheapo Amazon TV stick which can be replaced as necessary. The TV works just fine as a dumb monitor, and can continue to do so until it fails. And if the TV stick/disc player/HTPC get too old to be supported they are easy and cheap to replace.
Of course, all the manufacturers want us to buy a new TV every few years so will schedule "end of life" to maximise shareholder value, so this problem is not going to go away in a hurry.
Re: Forever (Score:2)
I use an expensive but great Miele dishwasher. It's now 15 years old and has no smarts. I have no plans on replacing it. However, it's very valuable to me to be notified when the dishes are done. To that effect, I installed a $15 energy monitoring smart plug - a Kasa KP125. It has a local API. I set up an automation in home assistant which does the notification based on wattage used. Works perfectly. If the smartplug stops being supported, I can block it from internet access, or just replace it as it's not
The cloud is a trap... (Score:2)
...run away
Avoid so-called "smart" devices that require cloud or server support, ALL of them.
Only use devices that don't connect to the internet and maintain full function when used locally.
Re: (Score:2)
Avoid so-called "smart" devices that require cloud or server support,
This is hard to do if the objective is to stream Netflix or Spotify...
Re: (Score:2)
Re: The cloud is a trap... (Score:2)
You can in many cases stream local content from a NAS, though. For music, I do that using Music assistant on Home assistant. I also stream from Qobuz. They also let you purchase content and store it locally, DRM free.
For video content, Plex works, to some degree. I use it to record and watch OTA content. The laser in my optical drives is getting weak, and it may be time to rip all those DVD/BD/UHD BD to my NAS, also.
An HTPC with Jriver still does a far better job than any stick for video, though, in terms o
IoT is a mess (Score:3)
Re: (Score:2)
This is the main thing. When I replace a light switch, I expect it to last for decades, not months. When I buy a washer or microwave, same thing.
Re: IoT is a mess (Score:2)
You can use dumb appliances with energy monitoring smartplugs to get smart functionality. All my plug-in kitchen appliances work that way. The hardwired induction cooktop does not. I have not researched how to make it smart.
My double oven is hardwired. Last year, I replaced the 28 year old model with a smart one. Top rated GE model in consumer reports. Unfortunately uses cloud for smarts. Costco won't take it back when Haier drops the cloud support because it's been over 90 days. I really love the oven, t
Durable goods should last at least 15 years (Score:2)
If a "smart" appliance doesn't have a life cycle of at least 15 years, then the company that made it is running a scam.
Taking a cue from government??? (Score:1)
The US government considers something a "durable good" if its average life is at least 3 years.
Re: (Score:2)
Figures. When I was in econ that was 10 years low, 20 years midpoint.
If your fridge only lasted 35 years you had no right to complain.
They would probably reduce it to "lasts beyond the manufacturer warranty" if they could.
Like how a vaccine had to prevent infection and transmission until three years ago.
This is why textual analysis is a bankrupt interpretation of law.
Re: (Score:1)
I remember when people used to be able to stay somewhat on topic and not turn a thread about shitty IoT devices having the absolute most predictable outcome ever into an ignorant anti-vaxx screed.
I don't want devices that have an expiry date (Score:2)
User blaming (Score:2)
If I put it up it stays up (Score:2)
If I put a camera outside my house it is going to stay there forever. If someone wants to take it down they are going to have to bring a ladder and a cop with a court order and a gun. And he's going to have to use the gun. So get out of my life.
Re: (Score:2)
But that camera is discontinued and the back doors are long known, everyone is now seeing your life - such as it is.
Subscription (Score:1)
Previous models are reliable, not zombies. (Score:1)
In defense of medical equipment (Score:1)
This is NOT a defense of putting medical equipment online per se but it IS a defense of allowing medical equipment to communicate with the outside world:
Decades ago, back in the days of plain-old-telephone-service, I had a relative with a pacemaker. Once a month, she put a device up to her pacemaker. The other end of that device was an acoustic-coupled (!) modem that transmitted telemetry back to her doctor's office.
A realistic 21st-century version would have it transmitting telemetry to your phone over s
Have We Given Up On Firewalls? (Score:3)
To quote TFA:
Very few articles, TFA included, do a good job of explaining how zombie devices are getting enrolled in botnets. While CR is right to call out a general lack of software support - and more importantly, a lack of notice for when software support is ending - most devices should not be internet accessible by default.
Even the most basic consumer routers have inbound firewalls that would prevent attackers from connecting to and taking over a vulnerable device. And while outbound connectivity is less than ideal in some cases, that has historically not been a significant threat vector.
So what am I missing here? Have we given up on firewalls? There shouldn't be a scourge of TVs that are getting pwned.
Re: Have We Given Up On Firewalls? (Score:2)
Most people want to be able to access their smart devices remotely. That is a very important feature. But mom and pop will not set up a home VPN. Their ISP may use CG-NAT and prevent it, also.
Device makers effectively bypass the firewall. Devices make outbound connections to the cloud server. Apps make outbound connection to the same cloud server. That's how they communicate. Even if you only want to use them locally, in a lot of cases.
Unfortunately, cloud servers have operating costs. And vendors go bankrup
There is an easy way to stop this (Score:2)
All they need to do is make vendors liable for the safety defects in their own products. Vendors should be totally free to walk away from whatever they want except liability.
If a defect in my toaster causes it to spontaneously combust it doesn't matter that there is a new and improved replacement model or toaster is otherwise out of warranty or support.
Likewise if a safety defect in a product creates safety risks of data exfiltration, stalking, exploitation by criminal enterprise...etc vendors should not b