Internet of Things (IoT) devices have the ability to change the state of the environment around them, or even their own state, such as by raising the temperature of a room automatically once a sensor has determined that the room is too cold, said by the Research Vice President at Gartner.
Nowadays, from refrigerators to home alarms everything is wired and interconnected, such devices are called IoT. For efficient functioning, IoT requires access to the most sensitive personal data of the user. As the number of connected IoT devices is constantly increasing, security concerns are also continuously growing. Considering the importance of what IoT devices have access to, it’s vital to realize their security risk.
The “Internet of Things Research Study”, Conducted by researchers at HP Fortify reveals that researchers uncovered 250 vulnerabilities in just a small sample of some of the most popular Internet of Things (IoT) devices. That is, they found that 70 percent of the most commonly used IoT devices contain vulnerabilities. HP used its application security software, Fortify on Demand, to scan 10 of the most popular IoT devices and found out on average, 25 vulnerabilities per device. The report says that many of the vulnerabilities were severe and resulted in remote code execution, vulnerabilities like Heartbleed, denial of service, and cross-site scripting attacks.
The report finding also disclosed that majority of devices in IoT included some form of cloud service and all the devices included mobile applications which can be used to access or control the devices remotely.
Other findings include:
- 90 percent of scanned devices collected some form of personal information by itself, through the cloud or through its mobile application.
- 80 percent of IoT devices tested, including cloud and mobile components which failed to require passwords of necessary complexity and length with most permitting for passwords such as “1234” or “123456”.
- 70 percent did not encrypt communications to the internet and local network.
- 60 percent of devices did not use encryption when downloading software updates.
- 60 percent of devices raised security concerns with their user interfaces.
With many devices collecting some form of personal information such as name, address, data of birth, health information and even credit card numbers, even a slight loophole can give a chance for the hackers to take control over the device. Additionally, the Internet of Thing connects and unifies countless objects and systems; hence, there will be a significant challenge for the developers to keep it secured from the hackers.
So what should be done?
- As developers or manufacturers of IoT devices, one should build security into these products from the beginning to disrupt the adversary and combat any risks.
- Data center managers need to deploy more forward-looking capacity management with IoT devices.
- According to Gartner Vice President Joe Skorupa, “Companies need to test their devices on a continuous basis to ensure that they catch vulnerabilities as early as possible.”
- As an owner of the IoT devices, one should be extra cautious in terms of the sensitive personal information that are shared with these devices and make sure that all sensitive data is safely stored.