An anonymous reader writes: The internet-of-things is here to stay. Lots of people now have smart lights, smart thermostats, smart appliances, smart fire detectors, and other internet-connect gadgets installed in their houses. The security of those devices has been an obvious and predictable problem since day one. Manufacturers can’t be bothered to provide updates to $500 smartphones more than a couple years after they’re released; how long do you think they’ll be worried about security updates for a $50 thermostat? Security researchers have been vocal about this, and they’ve found lots of vulnerabilities and exploits before hackers have had a chance to. But the manufacturers have responded in the wrong way. Instead of developing a more robust approach to device security, they’ve simply thrown encryption at everything. This makes it temporarily harder for malicious hackers to have their way with the devices, but also shuts out consumers and white-hat researchers from knowing what the devices are doing. Stanford, Berkeley, and the University of Michigan have now started the Secure Internet of Things Project, which aims to promote security and transparency for IoT devices. They hope to unite regulators, researchers, and manufacturers to ensure nascent internet-connected tech is developed in a way that respects customer privacy and choice.
of this story at Slashdot.