TL;DR If a device has a connection to a network, it needs a frequent update schedule.
Computational devices on the internet catch malware like preschoolers catch a cold. They come down with an infection in under two minutes. Every device needs an update schedule. I check mine on Tuesdays.
Go through your home, workplace room by room and any vehicles. Make a list of all the electronic devices. The ones that can connect to the internet should go right at the top of the list. If you can’t handle them all in one day, rotate through a different area every Tuesday.
Potentially Fast Updates
Manufacturers in this category have frequently thought about update problems as a way to keep customer service costs down. You may be able to breeze through this part of the list. If an autoupdate is available, turn it on. A bad update presents a lower risk than getting infected.
- Computers: desktop gaming, working laptop, kid’s machines
- Phones (including the emergency one)
- What’s under the TV? A commercial media server? Roku? AppleTV? Smart TV? Video game consul?
Very Important But Potentially Time Consuming
- Router(s), a first line of defense that frequently gets abandoned by manufactures. Search for “update firmware $YOUR_ROUTER_NAME”
- Cable Modems – Should be being handled by the cable company. Worth calling to ask what the schedule is. Search for “check firmware $YOUR_MODEM_NAME” so you can have the version information ready.
- What’s running on the NAS? Home servers?
Home grown threats
Projects using low powered chips not running a full OS’s with obscure home-rolled APIs probably don’t present the biggest threat. However, projects running embedded linux like on a Raspberry Pi projects should be kept up to date. This includes boards like the Yún using OpenWRT. Make sure when building networked devices follow best practices as well as possible.
Typically Impossible, so complain.
Searching for “update firmware $ITEM_NAME” and getting no answers will get very old, very fast. The better search might be “customer service number $ITEM_NAME.” Go ahead, scratch the activist itch. Call the company and ask what they’ve been doing to insure customer safety and support regular updates. When the information doesn’t pass muster, move to get your money back. Call or write your congress person and tell them that you support Frank Pallone, Jr. (NJ 6th) and Jan Schakowsky’s (IL 9th) Nov. 3 2016 letter to the FTC (PDF) requesting protection for consumers from insecure IoT devices.