Survey finds IoT security gap
Written by Peter Walker
Despite UK families owning an average of five smart home devices, only 15 per cent utilise software or apps to protect the Internet of Things (IoT) devices in their home.
A survey conducted by Open-Xchange in collaboration with Censuswide among 2,005 parents also found 17 per cent do not use any protection at all, while 67 per cent use anti-virus and anti-spam software to protect only their desktop devices from malware, adware and phishing tactics.
Consumers themselves demonstrate scepticism towards cyber-resilience on IoT devices, according to the research, with 28 per cent of parents reporting no desire to strengthen security measures for their connected devices. Even with data breaches featuring heavily in the news, 41 per cent stated they are either not very concerned or not concerned at all by the risk of a potential cyber-attack.
However, family protection and managing how children roam the web has become a major concern, with 80 per cent of parents looking for more control over how much time their children spend online and 85 per cent wanting to dictate which websites their children have access to.
Rafael Laguna, chief executive Open-Xchange, accepted that the market for connected devices is ballooning as people fill their homes with the latest gadgets to make life simpler. “Yet, the convenience of connected home technology should not let us neglect our family’s online privacy and protection.”
The survey also found that 78 per cent of parents would rethink whether they adopt more smart devices in their home, and 85 per cent would consider changing their internet provider, in the event of a data breach.
Neil Cook, chief security architect at security software firm Open-Xchange, said: “The steady rise in cyber-attacks on connected devices certainly poses a threat to the growth of the burgeoning IoT sector, set to be worth $267 Billion by 2020.
“With more than 70 per cent of IoT devices vulnerable to attack, there is a massive opportunity for internet providers to update their offering, raise brand awareness and unlock new revenue streams by offering a truly secure online experience for all”.
Separately, security researchers at Avast have uncovered what they described “the most sophisticated botnet that they have ever seen” that is targeting IoT devices.
This new IoT malware strain/botnet labelled ‘Torii’ has spread over poorly secured Telnet services, with the attack coming from Tor exit nodes. The malware captures data from IoT devices, and gives attackers remote code execution, allowing them to hijack infected devices, and run any command they choose. Torii is able to fetch and execute other commands through multiple layers of encryption, share device information, and execute any code or deliver any payload to the infected device.
Sam Curry, chief security officer at Cybereason, stated it is imperative that manufacturers think about the effect that their product at scale will have. “This means planning for upgrades and patches in a secure fashion and leveraging hardware-based security and strong cryptography – the technology exists today and isn’t moonshot stuff; it just needs to get done.”