Security firm Bitdefender says, in a newly published whitepaper, that as homes fill up with gaming consoles, baby monitors and smart TVs and wireless surveillance systems, a “frighteningly high proportion” of IoT device are being sold without in-built security systems".
“What users don’t know is that a worryingly high proportion of IoT device are sold without in-built security and even lack an operating system that supports the installation of security software agents,” warns Bitdefender.
Bitdefender cites a Gartner 2018 report that claims there will be about 20.8 billion IoT devices globally by 2020 – and says “from tablets to water coolers, seemingly every household item is finding itself IoT enabled, and there are no signs of slowing down”.
• Sixty percent of consumers have never performed any firmware updates on their wireless router.
• Fifty-five percent of smart TV users have never performed a firmware update.
• Seven out of 10 consumers have at least one camera connected to the Internet through a vulnerable router.
“The IoT market has been booming in the past two years, impacting both consumers and businesses across sectors worldwide. Even though the technology has been widely adopted with great enthusiasm, a thorough security pattern still hasn’t been properly discussed to ensure its further growth in an increasingly sophisticated threat landscape,” Bit Defender says in its newly published whitepaper.
“Following large-scale cyberattacks launched through exploited IoT botnets in the past two years, IoT risk awareness has slightly increased, yet smart devices are still vulnerable,” the whitepaper notes.
“One major cause is that manufacturers rush to deliver innovative gadgets that catch the eye of the consumer, but completely disregard end-to-end encryption.
“Many smart devices currently available on the market are vulnerable to third-party intrusions. Because traditional security software can’t fend off attacks, home and enterprise networks are left defenceless.
“The industry is not far from jeopardising users’ physical safety, as vulnerabilities have been detected on multiple occasions in medical devices, pacemakers, security cameras, smart doorbells, baby monitors and connected cars.”
Bitdefender says in its whitepaper that “ideally, two solutions to the problem would be to integrate security from the design stage, and to enforce a security and risk management pattern issued as a joint effort of legislators, security experts and manufacturers”.
“IoT security is approached with uncertainty as tech leaders have trouble defining accurate guidelines for overall deployment. While the industry struggles with risk management, hackers surely don’t waste their time in taking advantage of the lack of a unified security approach and technical standards to develop complex attack strategies to bypass traditional security,” Bitdefender cautions.
According to Bitdefender, the rise of machine-to-machine communication and the surge in consumer smartphone usage, Internet, and social networks have established IoT security as a “strategic pillar” in the digital landscape.
The firm says users should look into deploying a complete, multi-layered cyber security solution that immediately pinpoints weaknesses in infrastructure and “prevent snoops from hijacking smart devices”.
According to Bitdefender, a solution based on advanced machine learning algorithms that leverages years of experience in vulnerability assessment and detection could reduce risks.
“No smart device is insignificant, as each represents a potential attack avenue hackers can manipulate to get inside a home network and take control over all devices linked to it."