Remember the Tamagotchi? You know, the Japanese electronic toy pet from the 90’s that required constant futzing and maintenance otherwise it would die? 76 million of them shipped and they were a big hit. My best friend’s kids had ‘em and they would cry when they died and would cry even more if some sort of real life thing got in the way of the constant futzing you needed to do to keep them alive. Keep this in mind, we’ll circle back on this thought.
Recently on Twitter I saw an interaction where someone was joking about having to patch his microwave oven and do OTA updates to his TV. This was shortly after I had to endure a Win10 reboot on a slow laptop after updates, which came on the heels of getting sick of my Nexus 6 nagging me about updates which started shortly after my petcam wanted new firmware.
We are faced with a world of increasingly intelligent things – or perhaps a world increasingly plagued by an array of consumer devices with some sort of embedded compute. Perhaps in an ideal world, each and every device that had embedded compute would have just enough custom software and hardware to do the job and that software would be in a perfect, bug and vuln-free state when shipped.
The reality with many consumer devices is that for a variety of reasons the software is usually some sort of cookie cutter shareware OS and common libraries, apps and other components running on commodity hardware. In many cases, the software is an afterthought or a necessary evil needed to breathe life into the hardware, which is the real focus. Much of the work done is, to be charitable, jugaad (a marvelous word at the intersection of Hindi and redneck meaning to git r done with available resources, skills and time with a focus more out final outcome than process, grace or beauty of implementation) or, to be less charitable a grotesque hack. Many times software which has been known to be broken from security or other standpoints for years is loaded on to fresh hardware. Devices ship with multiple well known vulns that should have been fixed years ago – happens all the time.
So, here we are. What now?
There are two paths really. One path is that the manufacturer never updates software, never publishes updates and if this creates problems for the consumer later on, life is harsh and they can buy a new one. Of course if your home network gets pwnt via an attack that crawled up some IP controllable LED lightbulbs straight outta of Shenzhen, well too bad. Indeed, perhaps from the standpoint of APT1 that would be a patriotic feature and not a defect.
The other path, the way of the Tamagotchi, and arguably the right way to do things, is to ship things knowing that later updates will be needed, either to fix bugs, add features or deal with security issues. This is a realistic perspective, especially if you understand the complexity of some of these embedded systems and the sheer number of different packages, apps and libraries in use, all coming from different source.
The flip side to this is that you end up having to constantly futz with things in order to keep them alive – much like a Tamagotchi. Back in the day you might buy a refrigerator with the expectation that you are going to plug it in and then have cold storage for 20+ years with little more than a quick wipe down or two until you unplug it and haul it away. Now, you may end up having to patch your fridge. Here’s a video showing the process on a new Samsung.
Going forward, one can only hope that as the number of Internet of Tamagotchi devices increases, that manufacturers will figure out ways to transparently, automatically update these intelligent devices. The alternative is a comediotragic hellscape of beaten down consumers being constantly nagged to update cars, TVs, clock radios, rice cookers, microwaves and other gadgets which in the past just worked.