Everyone in the industry knows IoT security is a mess. The industry has proven incapable of coping with cybersecurity problems as the commoditization of technology doesn’t allow for any unnecessary costs, including security.
Following an indictment of D-Link by Federal Trade Commission (FTC) back in 2017, a few weeks ago the parties agreed to a settlement that seems to put some real security measures in place to improve the protection of consumers from basic security vulnerabilities.
One of the requirements, which is close to our heart at Mender, is that D-Link now is obliged to provide automatic firmware updates, and accept vulnerability reports from security researchers for all of their home routers.
This might be a small step in the right direction, but hopefully it will set precedences among the other players in the industry. To read more about the settlement and its implications, see "U.S. government imposes stricter IoT security measures on D-Link".