CIO Influence
Automation CIO Influence News IoT Security

New Report Highlights the Unsettling State of IoT Device Security

New Report Highlights the Unsettling State of IoT Device Security
Dark Cubed reveals significant privacy and security flaws in consumer IoT devices and a lack of attention to the security of these devices by manufacturers and major retailers.

Dark Cubed, the cyber security company empowering small and medium sized businesses with affordable, automated network protection, announced the release of a major update to their “State of IoT Security Report.” This report regrettably concludes that IoT security quality has largely regressed in the 2 years since Dark Cubed released its inaugural report on the subject.

“Every day, millions of Americans use myriad Internet of Things (IoT) devices connected to their home networks, purchased from major retailers.  Little do they know these devices have little or no security controls resulting in significant privacy and security concerns,” noted Vince Crisler, Dark Cubed CEO and principal author of the report.  “The largely unfettered exposure these ubiquitous devices have to bad actors and potentially hostile nation states should be alarming to their manufacturers, policy makers, and device users.”

Recommended ITech News: Globys Announces Development of Applications to Connect Communications Service Providers and Enterprise Customers Utilizing ServiceNow

The report’s conclusions include:

–  Every device evaluated had strong supply chain and business connections to China.
–  Most devices had at least one network connection to a server based in China.
–  Many devices failed basic security checks and had significant, basic vulnerabilities
–  Most devices lack even the security required to prevent complete visibility into consumer’s private images to anyone in the network path between your house and the IoT provider.
–  Most of the Android applications are woefully insecure and were observed sending data to servers in China; Android applications that are installed on our phones with access to every detail of our private lives.

During the course of the study, 10 home automation devices in the $20 to $100 price range were purchased and analyzed using open source tools and the cyber security experience of the Dark Cubed team.  The companies branding the devices as well as their technology and data supply chains were also assessed, highlighting not only the complex web of organizations and technologies behind seemingly basic household devices, but also how many of those relationships lead US citizens’ personal data back to storage on Chinese infrastructure.

Recommended ITech News: Innovium Transforms Networking with Open-source Software, Data Center & AI Optimized Switches and Disruptive TCO

Additionally, basic attack vectors were launched against the devices to identify inherent vulnerabilities to relatively unsophisticated cyber attack techniques, and disconcertingly, nearly all the devices tested failed to include fundamental security mechanisms that would render them invulnerable to such primitive attack techniques.

According to Crisler, “US companies and government agencies spend countless millions protecting against Chinese attacks, but the threat of compromise to the millions of devices in our own homes and the personal and intimate data collected by those devices has been largely ignored.  We hope this report will help shine a light on what is the trojan horse many of us have unwillingly welcomed into our homes.”

Recommended ITech News: Cleveland Clinic and IBM Unveil Landmark 10-Year Partnership to Accelerate Discovery in Healthcare and Life Sciences

Related posts

Reducing Waste and Managing Commitments Top Key Priorities for FinOps Practitioners

PR Newswire

Empire Access Expands to South Elmira, New York

Business Wire

VoCoVo Brings Industry First Wi-Fi-Free Voice Communication Technology to NRF 2022

CIO Influence News Desk