Content

28 percent of IoT device designers recognize products capable of causing death

A recent study found approximately 28 percent of Internet of Thing (IoT) device designers indicated that the products they are designing are capable of causing injury or death in the event of a malfunction yet security standards are still extremely low.

Furthermore, of those products, the respondents anticipated that nearly half will be always or sometimes connected to the Internet which opens them up to potentially being manipulated by threat actors, according to the study Barr Group consultancy.

The study surveyed more than 1,700 qualified respondents and found that quarter of the designers of internet-connected products that could be dangerous do not have security as a design requirement. Of the products that the designers are working on, 19 percent follow no coding standards, 36 percent use not static analysis tools, and 42 percent conduct only occasional code reviews or none at all.

“When safety-critical devices come online, it is imperative that the devices are not only safe but also secure,” Barr Group CTO Michael Barr said in a press release. “Considering the many security concerns that currently exist in the IoT, any connected device that has not been designed with security in mind is at risk for tampering, and the results for safety-critical devices can be catastrophic

Connected devices such as medical devices and other critical systems that are connected to the internet pose the most serious threats, and researchers found that 22 percent of embedded systems engineers working on safety-critical products that would be deployed online said security was not even on their requirements list.

“Designers are taking a sluggish approach to securing these devices because at the end of the day, consumers don't care about it,” Vera CEO and co-founder Ajay Arora told SC Media. “Once it becomes a differentiating factor in consumer buys, then they will start taking security more seriously. Security is often viewed as expensive and a slow down to the overall manufacturing of the product.”

“Any devices that can record video, audio, or capture information via an interface, like a keyboard, are most vulnerable today,” Arora said. “Also, devices that are extremely cheap to manufacture and have low margin are pose a big risk. If they are in a highly competitive market, the race to market is often the reason flaws are overlooked.”

 

 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.