Examples of failed IoT devices are numerous, and often involve errors, hacking or information theft.
Due to the lack of solid security protocols, more and more connected devices could easily leave users’ privacy vulnerable to cyber criminals. To make matters worse, manufacturers might not be so interested in investing in their security, as there no law forces them to do so.
“As with most consumer electronics devices, cyber security is an afterthought that will be integrated into the product in version 5 if we are lucky. When faced with a looming deadline like the holiday shopping season, given a choice between shipping a product or securing it, manufacturers will choose to ship every time,” Bob Baxley, Chief Engineer at Bastille, told Help Net Security.
A IOActive IoT Security Survey conducted in March 2016 by IOActive found that 47% of the interviewed users believed not even 10% of IoT devices currently available have proper security deployed, while 63% think IoT devices are more secure than medical devices, computing hardware or software in general.
“The big risk is not that a criminal will be able to break into your house through your smart lock, but that the smart lock will provide the attacker access to your network and online credentials. Why would a sophisticated criminal steal a $500 TV, when he could instead raid your bank account through your Internet connection?” Baxley added.
It’s not enough to announce the vulnerabilities of the devices, 83% of respondents said. It would be wiser to come up with stronger security measures, as well as some norm or set of rules for manufacturers.
“Consensus is that more needs to be done to improve the security of all products, but the exponential rate at which IoT products are coming to market, compounded by the expansive risk network created by their often open connectivity, makes IoT security a particular concern and priority,” said Jennifer Steffens, chief executive officer for IOActive.