Consumers worry about IoT security while researchers assess true threats
While most consumers say they don't believe their Internet of Things (IoT) devices are secure, Kaspersky Lab researchers set out to accurately assess the vulnerabilities in common items.
More than half of consumers don't believe Internet of Things (IoT) devices have the necessary security in place to keep their data secure, according to new research from Auth0.
Adding insult to injury, developers shared consumers' worries, with 90 percent believing the IoT devices on the market currently don't have proper security measures in place. In a separate study, Kaspersky Lab researchers, and in particular, David Jacoby, looked around his home for IoT devices. Naturally, Jacoby wanted to test how vulnerable his products were and what kind of security risks they posed.
After analyzing multiple devices, including a connected home security system, a smartphone-controlled coffee machine, and a baby monitor, the researchers determined vendors were, in actuality, doing a decent job of security.
“Nevertheless, any connected, app-controlled device that is usually called an IoT device is almost certain to have at least one security issue,” the researchers' blog post stated. “However, the probability that they will be critical is not that high.”
Among the vulnerabilities discovered in the coffee machine, for example, was one that could have led to the “leakage of the password to the home wireless network.”
When the machine communicates with the user's smartphone, it sends the wireless password in encrypted form. However, the encryption key components are sent through an open, non-protected channel. Using these components, an attacker could decrypt the home wireless password.
The research team also identified vulnerabilities in baby monitors that could allow an attacker to take full control of the camera, as well as listen to audio and stream video footage. These vulnerabilities have already been well-documented in broader news stories.
The post added that even low severity flaws could be used in some attacks. Therefore, Kaspersky recommended thoroughly researching any connected device before investing, and possibly waiting a bit before purchasing the newest goods.