A report by IoT platform and service provider Pepper IoT and cybersecurity firm Dark Cubed maintains that Smart devices do not protect user privacy and handle security very well.
“The State of IoT Security Report” created by the two brands reveals there are systemic security and privacy problems in smart IoT devices. These were discovered through testing of consumer smart home devices. The report includes the security posture of nine IoT devices and applications to help retailers that stock these devices (like Walmart) make informed choices that protect their customers.
The Alexandria, Virginia-based Dark Cubed tested and analysed security and the data communications for consumer IoT devices. While some IoT security tests that attempt to hack the device, this test monitored and captured these devices operating as designed and developed by the vendors. Several anomalies and unexplained communications risks were revealed. One shocking revelation was that by simply operating 12 IoT devices, can lead to the user’s data travelling around the world.
“If we do not address the problem of insecure consumer IoT devices and the lack of respect for consumer privacy soon, it is going to be too late,” said Vince Crisler, CEO of Dark Cubed, is reported to have said, in a statement. “Just because the space is complex and rapidly developing is not an excuse for retailers and regulators to turn a blind eye. In fact, the opposite is true. Retailers must consider security as a part of their buying processes and government must consider regulations that focus on consumer protections. We are passionate about these issues and excited to work with Pepper IoT in leading change.”
Most connected devices require a sophisticated networked platform to manage communications, and protect data. That helps them to identify and patch vulnerabilities, and deliver a quality experience. Most of the consumer-connected devices available in U.S. retail today are managed by offshore platforms. Understandably, these platforms do not take the responsibility and have no motivation to protect user data or ensure high security standards. As a result, most devices that are insecure from the moment they were installed have the potential to do immediate damage to connected ones. The solution is to secure these devices from day one to ensure protection of consumer data.
It is imperative that the market consider security a priority. It is scary that for this report, several of the devices reviewed were at high risk or completely insecure. This pointed to the fact that security was not being taken seriously neither by the manufacturer nor its platform provider and as a result, these devices could potentially leak sensitive consumer data and open direct lines of communication to servers in countries of concern.
“Just as retailers wouldn’t sell unsafe toys, tainted lettuce or products with toxic chemicals, they have a responsibility to sell safe and secure IoT devices to consumers,” said Scott Ford, CEO at Pepper IoT, is reported to have said in a statement. “We are highly motivated to partner with Dark Cubed. Their report highlighted some of the key problems in the IoT market that we are solving. We are committed to working with major retailers and device manufacturers to leverage our trusted U.S.-based platform for secure and private consumer IoT management.”
As the supposedly smart devices are proliferating homes and workplaces, – voice-controlled speakers to interactive doorbells to internet-connected refrigerators to remote-controlled light bulbs and electrical outlets- most consumers don’t know too much about what these smart devices are doing behind the scenes. They usually have no inkling about their other connections, the information they are capturing, the visibility of that information? The biggest question should be, can that inadvertently collected data be misused by malicious actors?
Lack of visibility into privacy and security is a clear and present danger, apparently. There is no easy way for consumers to be aware of these risks, to ascertain whether his or her device is safe.
Quoting the report, “We believe that the distributors and retailers of these devices must conduct technical due diligence to ensure that communications are managed by a trusted and soon-to-be regulated U.S. company for the best chance at user security and data privacy, but this is clearly not being done by major retailers today.”