Security Pros give IoT Devices Poor Marks

Information security professionals expressed doubts about the security of connected products, an IOActive survey revealed.
Information security professionals expressed doubts about the security of connected products, an IOActive survey revealed.

In-brief: Security professionals think your chances of owning a secure Internet of Things devices are 50-50 – at best, according to a new survey by the firm IOActive.

Security professionals think your chances of owning a secure Internet of Things devices are 50-50 – at best, according to a new survey by the firm IOActive.

Eighty five percent of information technology professionals surveyed by IOActive said that”less than half” of IoT products are secure while a plurality (47%) were of the opinion that less than 10% of all IoT products on the market are designed with adequate security, IOActive reported. (Check out IOActive’s infographic here. )

The survey of 170 professionals was conducted in March, according to Daniel Miessler, IOActive’s Director of Advisory Services.

Speaking with Security Ledger, Miessler said that opinions were likely informed both by consumer grade connected products such as home surveillance cameras and wearables, but that such technology is quickly finding its way to the enterprise

“Consensus is that more needs to be done to improve the security of all products, but the exponential rate at which IoT products are coming to market, compounded by the expansive risk network created by their often open connectivity, makes IoT security a particular concern and priority,” said Jennifer Steffens, chief executive officer for IOActive.

[See also: Research raises alarms on connected home products.]

Miessler said the biggest issues with Internet of Things devices include sending data back and forth between devices, mobile applications and cloud based management servers without proper encryption. Lax security can be found at each point in the Internet of Things ecosystem: endpoint, mobile app and cloud, he said.

According to Gartner, 21 billion connected things will be in use by 2020. IOActive said that companies need to develop products with security designed in from the beginning.

“It’s important for the companies that develop these products to ensure security is built in; otherwise hackers are provided with opportunities to break into not only the products, but potentially other systems and devices they’re connected to,” Steffans said.

Miessler said that recent surveys indicating that consumers are holding back from purchasing technology products and services because of fears about security and privacy risks could be the motivation to get companies to take the issues more seriously.

“You see the growth, but you have to wonder how much more it could be – 12%? 15%,” he said.

Private and public efforts to develop standards and ratings systems for connected products could also give companies incentives to “brand” around security, just as automakers like Volvo did a generation ago, Miessler said.

Groups like Underwriters Lab have recently launched evaluation programs for connected devices.

Comments are closed.