Hacker News new | ask | show | jobs
by ekux44 3506 days ago
Philips may have fixed the vulnerability in an update, but that's insufficient if these devices don't have high update rates.

I wonder how many years until there are fewer than 15000 vulnerable Hue devices in Paris...

We should hold manufacturers accountable for not aggressively pushing security updates on their users.
2 comments
mivok 3506 days ago
Hue forces updates on you every time you go into the app if there's one available, and you can't use the app until you've updated. Granted this isn't ideal if you primarily use your light switch or an amazon echo to control the lights, and fully automatic updates would probably be better, but it comes pretty close to aggressively pushing updates.
link
TeMPOraL 3505 days ago
It's pretty aggressive alright. I'm working on my own (RPi-based) controller but for now, I'm still primarily using Hue app for controlling the lights at my home. So every two weeks or so, when I come home in the evening, I'm forced to sit in darkness for 10 minutes as the update installs itself (they say lights must stay powered, so I don't dare powercycle them during the update).

First world problems and all.

link
ekux44 3505 days ago
I use my Hue lights daily, but I haven't opened the official app in years thanks to 3P apps & Philips's own Zigbee switches.
link
WorldMaker 3505 days ago
I am very happy that my preferred third party app (Huetro, which runs on just about every device the UWP supports) checks for updates for me (and is kind enough not to nag about it but make it clear when one is available) because I never open the official app anymore (but as this article points out do need to keep things updated).
link
swiley 3506 days ago
>We should hold manufacturers accountable for not aggressively pushing security updates on their users.

There's really no way to /force/ companies to support products they release like that. The company may not even exist a few years down the road. You could force them to release the firmware source so the users/community can patch it themselves but I don't see a way to do what you're saying.

link
duaneb 3506 days ago
If you could sue over security this wouldn't be an issue: we'd actually have a bug program that worked.

Also, the market would be harder to enter. I don't see a problem with this.

link
T-Winsnes 3505 days ago
How would you sure a company that doesn't exist anymore?
link