Security related to the Internet of Things (IoT), it seems, still has a long way to go.
A new report by network security firm Zscaler has said a major threat was that the vast majority of IoT transactions were occurring over plain text channels, instead of the more secure SSL-encrypted channels.
Giving details, Deepen Desai, Security Research at the firm said in a blog post that the use of unsecured channels was “just one vulnerability with IoT devices.” He clarified that devices were “notorious for weak, preset passwords that often go unchanged.”
The report, titled IoT in the Enterprise: an analysis of traffic and threats, provides a general overview of the most frequently seen device categories, then takes a deep dive into the transaction data for specific types of IoT devices.
To help organisations get a better understanding of IoT activity in the enterprise, the ThreatLabZ research team analyzed IoT traffic across the Zscaler cloud during a one-month period between March and April 2019.
The report further said malware, too, was a threat to IoT devices. Each quarter, the Zscaler Cloud itself blocked about 6,000 transactions from IoT-based malware and exploits. And, earlier this year, the Zscaler ThreatLabZ team analyzed certain threats that were targeting IoT devices.
The fact is that there has been almost no security built into the IoT hardware devices that have flooded the market in recent years, and there’s typically no way to easily patch these devices.
While many businesses have thought security for IoT devices unnecessary because nothing is stored on the devices, this isn’t the case. The Mirai botnet attack illustrated how exposed companies can be as a result of their IoT devices, the research team pointed out.