KRACK, ROCA, and device insecurity

Posted Oct 22, 2017 15:32 UTC (Sun) by NAR (subscriber, #1313)
In reply to: KRACK, ROCA, and device insecurity by bojan
Parent article: KRACK, ROCA, and device insecurity

"selling network connected devices that cannot be easily updated (either automatically or manually)"

I see one problem here: do I want to care about upgrading the software in my WiFi-enabled "smart" light bulb? Although I don't actually have one, but my guess is most users would absolutely not want to care about this. I think they want to install it, then forget that there's WiFi in that gadget, just enjoy the "magic". Even I don't want to care about the software in my WiFi router. So I don't think manual upgrade would solve this. Automatic upgrades (i.e. devices "calling home") on the other hand would cause outrage in the privacy-conscious population - and these can have their own security problems. A smart bulb can't even notify the user with a popup that "hey, upgrade me!" - maybe should morse-code this message after each time it's turned on?