Writing in his Ubuntu bog, Core evangelist Thibaut Rouffineau said that his organisation surveyed 2000 consumers about their Internet of Things devices.
They found that only a third of consumers that own connected devices perform updates as soon as they become available.
Another 40 per cent have never consciously performed updates on their devices and two thirds thought that it was not their responsibility to keep firmware updated.
A fifth believed it was the job of software developers, while 18 per cent considered it to be the responsibility of device manufacturers.
Canonical thinks that better automatic mechanisms were needed to fix vulnerabilities remotely as a way to secure IoT.
“We need to remove the burden of performing software updates from the user and we need to actively ban the dreaded ‘default password’, as Canonical has done with Ubuntu Core 16,” Rouffineau said.
“It’s clear to us that too many of the solutions to IoT security proposed today involve either mitigating security issues after-the-fact, or living in a world where IoT security problems are the accepted norm. This should not and cannot be the case.”