Makers of IoT Devices Lack Maturity in Security Matters
A security firm tests 9 baby monitors and finds that 8 fail simple security tests, indicating that connected-device makers need to grow up, security-wise.Manufacturers of connected devices still have a lot of growing up to do when it comes to security. Consumer devices are increasingly designed to be connected to the Internet, but continue to have basic design flaws and security vulnerabilities that leave them open to attack. In a test of nine baby monitors, for example, security firm Rapid7 found 10 serious vulnerabilities, including five cases of vendors leaving in backdoor access to the devices. When the company created a scorecard of the security design of the devices, only a single device passed—earning a "D." None of the vendors advertised their security measures, or lack thereof, and the price of the devices, which ranged from about $50 to $250, had little relationship to how well they scored, according to Mark Stanislav, senior security consultant of global services at Rapid7. "It is really difficult, as a consumer, to know whether what you are buying off the shelf is secure," he said. "Unfortunately, the status quo for the Internet of things is not a high enough bar, in terms of security."
Connected devices, also known as the Internet of things, have been increasingly targeted by security researchers and are usually found to have significant security flaws. In February, the security arm of technology firm Hewlett-Packard found that connected security systems had significant vulnerabilities that could leave their users at risk of being hacked. Last year, Symantec and Rapid7 released similar research that found security holes in a number of devices.