Make secure the default state

IoT security has been a bit of an inside joke for years, but up to now the joke has for the most part been on the owner or user of a device. My pacemaker could be hacked - but hey, it's my pacemaker and my heart, right? That changes when webcams and fridges are conscripted into a giant DDoS weapon.

In the US, Peiter Zatko (better known as "Mudge") is building a "CyberUL" that could define standards for reasonably securable things. At the risk of appearing to pimp my blog, I suggested some basic standards a year ago (https://www.securityforrealpeople.com/2015/09/what-if-connected-devices-were-secure.html) that are every bit as appropriate today. As c1ue suggested, patching is only one part of the puzzle:

1. Installation processes should establish a non-default password unique to the owner. Default passwords are an extremely common way of breaking into connected devices; if turning a product on for the first time involves choosing a password - even a weak password - that eliminates this gaping back door.

2. Products should have automated software and firmware updates available, enabled by default, and *guaranteed for the reasonable lifetime of the product.* How often do home users update their wireless routers, or Internet-connected washing machines? How many smartphones languish with known vulnerabilities simply because the manufacturer chooses not to push updates after a year (or at all)?

3. Features that impact privacy should be clearly presented so the owner can make an informed decision whether to use the feature. Trading personal information for a service (or a mobile game) is not inherently a bad idea - but it should be a conscious decision.

4. Features that involve significant safety or privacy risk should be properly isolated from Internet access. Chris Roberts' "flying sideways," and Charlie Miller and Chris Valasek's research into cellular access to vehicle controls, brilliantly demonstrate the danger when this is overlooked.

5. Documents and content originating from outside the system or device should be automatically untrusted. For example, Windows tags files downloaded from the Internet with a "zone" marking; Microsoft Office products treat these documents as untrusted and disable macros and interactive content by default.

In each of these cases, an informed consumer may have the choice to override the defaults. I can choose to execute a macro in an Internet document, or to connect my home security system controls to the Internet, but it requires intentional choice, rather than default behavior.
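Point 5 and the override described in the closing paragraph, as an added example that is not part of the original post: a Python sketch that reads the text of a Windows `Zone.Identifier` marking and blocks active content by default. The policy choices (fail closed on a malformed marking, no override for the Restricted zone), the function names and the sample marking are assumptions of this example, not Windows or Office behavior.

```python
import configparser
from typing import Optional, Tuple

# URL security zone numbers as written to the Zone.Identifier stream.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed sample of a marking on a downloaded file (not real data).
# On NTFS the text can be read with open(path + ":Zone.Identifier").
SAMPLE = ("[ZoneTransfer]\nZoneId=3\n"
          "HostUrl=https://downloads.example/report%20final.docm\n")


def parse_zone_id(stream_text: Optional[str]) -> Optional[int]:
    """Return the ZoneId, or None when the file carries no marking.
    Raises ValueError when a marking exists but cannot be trusted."""
    if stream_text is None:
        return None
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(stream_text)
        zone = int(parser["ZoneTransfer"]["ZoneId"])
    except (configparser.Error, KeyError, ValueError) as exc:
        raise ValueError("malformed zone marking") from exc
    if zone not in ZONES:
        raise ValueError(f"unknown zone {zone}")
    return zone


def allow_active_content(stream_text: Optional[str],
                         owner_override: bool = False) -> Tuple[bool, str]:
    """Decide whether macros and similar content may run (example policy)."""
    try:
        zone = parse_zone_id(stream_text)
    except ValueError as exc:
        # A damaged marking is treated as hostile, never as "local".
        return False, f"blocked: {exc}"
    if zone is None:
        return True, "allowed: no marking, treated as local"
    if zone < 3:
        return True, f"allowed: {ZONES[zone]} zone"
    if zone == 3 and owner_override:
        # The secure state is the default; leaving it takes a deliberate act.
        return True, "allowed: owner explicitly overrode the default"
    return False, f"blocked: {ZONES[zone]} zone"


if __name__ == "__main__":
    print(allow_active_content(SAMPLE))
    print(allow_active_content(SAMPLE, owner_override=True))
```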