Danny Palmer
| November 5, 2021
| Topic: Security
How these unusual smart devices can be hacked and what it means for the IoT
Watch Now
Four out of five Internet of Things (IoT) device manufacturers are failing basic cybersecurity practices by not providing a way for people to disclose security vulnerabilities in their products – something that can potentially put users of the device at risk of cyberattacks and breaches of privacy.
Research by the IoT Security Foundation (IoTSF) – a tech industry group that aims to help encourage securing the Internet of Things – analysed hundreds of popular IoT product manufacturers and found that only just over one in five advertise a public channel for reporting security vulnerabilities in order for them to be fixed.
Internet of Things devices are increasingly a fixture in homes and offices. While many household brands do ensure their products are equipped with good security practices – the report cites technology firms including Sony, Panasonic, Samsung, LG, Google, Microsoft, Dell, Lenovo, Amazon, Logitech and Apple among these – it’s common for consumers to purchase cheaper alternatives that don’t have as much of a focus on security.
SEE: Cloud security in 2021: A business guide to essential tools and best practices
That means if security vulnerabilities are uncovered and there’s no means for informing the manufacturer, it could put users at risk. That’s particularly the case for companies that appear to have shut down – which the report notes, some have – meaning even if there was a means of reporting the vulnerability, it’s unlikely to be fixed.
But while the research paper often presents a grim picture of the IoT security landscape today, the IoT Security Foundation believes that eventually, that will change and it will become a fundamental part of product design.
“Security is a bit like quality. For it to be properly delivered, it needs to be endemic within all processes within a company so that it is assured throughout – that is, not an afterthought or bolted on,” John Moor, manager director of the IoT Security Foundation, told ZDNet.
“It is my belief that security will follow a similar path to that of quality over the past 30 years as we transform our society and economies to be more digital – if we establish a general understanding of its fundamental importance and get the processes right, we’ll do it naturally – not as an add-on,” he added.
MORE ON CYBERSECURITY
Critical IoT security camera vulnerability allows attackers to remotely watch live video – and gain access to networksIoT security: Why it will get worse before it gets betterDon’t want to get hacked? Then avoid these three ‘exceptionally dangerous’ cybersecurity mistakesRansomware: It’s only a matter of time before a smart city falls victim, and we need to take action nowThis old security vulnerability left millions of Internet of Things devices vulnerable to attacks
Security TV
|
Data Management
|
CXO
|
Data Centers