Why So Many IoT Devices Remain Unpatched — Even with Secure OTA Updates
Robert Kelley explains how inconsistent update practices and missing lifecycle guarantees leave IoT devices exposed—even as security matures.
•1:43•HD•0 views
Why So Many IoT Devices Remain Unpatched — Even with Secure OTA Updates
Transcript
o we are seeing progress in a lot of IoT products and security. Some IoT vendors have matured to the point of just offering secure over the air updates.
um But even with that, many devices really remain unpatched due to lack of business inertia, lack of lifecycle guarantees and you know fragmented firmware updates infrastructure.
um A lot of the firmware updates aren't really even checked to make sure that they went through. you know Sometimes there's really just no even ping.
I mean, you've seen on your IoT devices where they're like, oh, firmware update needed. but they're still performing their function. A lot of people just don't even do that until they're forced to do it. So there's so many IoT devices out there in the ecosystem that are just inherently unpatched.
um So you know unlike enterprise IT, t which operates with service contracts, which state that they're going to be updated at a specific frequency, they're going to have vulnerability management, and they're going to be assessed constantly throughout their lifecycle to allow the customers kind of that ease of mind that they have a consistently updated and secured product.
you know IoT devices outside in the and the ether don't always have that. um they don't have that kind of enterprise level effort behind them.
um So that makes kind of the past path to securing IoT devices and out in the wild inconsistent. And, you know, the risk of them is inherently much, much higher than enterprise IoT.