markusspiske / Pixabay
IoT device security has been a major concern for some years now. A new survey has shown that many of the consumer “smart” devices in the US showed that neither the manufacturer nor the platform provider addressed security. These devices leaked sensitive consumer data and opened direct lines of communication to servers in countries of concern.
The State of IoT Security report tried to shed light on systemic security and privacy issues while testing consumer smart home devices available across retail stores in the US.
Service provider and IoT platform Pepper IoT and Dark Cubed, a provider of innovative cybersecurity solutions designed for small and mid-sized companies, have joined forces to raise awareness about security and privacy vulnerabilities plaguing household connected or “smart” devices. The partnership delivers solutions to IoT stakeholders who must ensure the protection of the consumers they serve.
For the report, Dark Cubed experts tested and analysed the security and the data communications across a cross section of consumer IoT devices. Unlike other IoT device security tests that attempt to hack the device, this test, though, monitored and captured these devices operating as designed and developed by the vendors, and revealed several anomalies and unexplained communications.
The report included the security posture of nine IoT devices and applications to help retailers make informed choices that protect their customers.
Some of the key findings of the report were:
- Device security is important, but the platform is much more critical: Connected devices require a sophisticated networked platform to manage communications, protect data, identify and patch vulnerabilities, and to deliver a quality experience. Many (potentially most) consumer-connected devices available in US retail today are managed by offshore platforms that have no motivation to protect user data or ensure high security standards.
- Patching will not fix systemic problems: Devices that are insecure from the moment they were installed have the potential to do immediate damage. These devices must be secure from Day One to ensure protection of consumer data.
Vince Crisler, Chief Executive Officer, Dark Cubed, said in a written statement, “If we do not address the problem of insecure consumer IoT devices and the lack of respect for consumer privacy soon, it is going to be too late. Just because the space is complex and rapidly developing is not an excuse for retailers and regulators to turn a blind eye. In fact, the opposite is true.”
Scott Ford, Chief Executive Officer at Pepper IoT, said,“Just as retailers wouldn’t sell unsafe toys, tainted lettuce or products with toxic chemicals, they have a responsibility to sell safe and secure IoT devices to consumers.”