About this research

This research was conducted in Autumn 2017 and consisted of a mix of interviews and literature reviews.

The interviews were with a variety of experts with commercial experience building connected devices. This ranged from early-stage Internet of Things startups to an established manufacturer with thousands of units.

We would particularly like to thank Alex Lennon, Adrian McEwen, Andrew Collinge, Ben Laurie, Josh Aas and Sam Labs.

Further reading and references

• Center for Democracy & Technology - An Exploration of Strict Products Liability and the Internet of Things
• How To Secure The Network Edge
• ESP8266: Continuous Delivery Pipeline — Push To Production
• How Open Energy Monitor use PlatformIO to update their ESP8266 module
• How Chrome extensions are cryptographically validated
• Over the air update — ESP8266 Arduino Core
• ArduinoOTA - insecure over-the-air update library for ESP8266
• Secure by Design - Department for Digital, Culture, Media & Sport