How to improve IoT security

The tsunami-sized trend to add intelligence with sensors and actuators and to connect devices, equipment and appliances to the internet poses safety, security and privacy risks.

Proof comes from a recent meta-study titled The Internet of Hackable Things (pdf) from researchers at the Technical University of Denmark, Denmark; Orebro University, Sweden; and Innopolis University, Russian Federation—compiled from industry and academic research reports—that finds smart devices used in healthcare and smart homes and buildings pose daunting risks.

The authors quantify the risks of Internet of Things (IoT) devices:

  • 90% of devices collected at least some information via the device
  • 80% of devices, along with their cloud and mobile components, did not require a password complex enough
  • 70% of devices, along with their cloud and mobile components, enabled an attacker to identify valid user accounts through enumeration
  • 70% of devices used unencrypted network services
  • 6 out of 10 devices that provided user interfaces were vulnerable to a range of weaknesses, such as persistent XSS1 and weak credentials

Some of the data and examples used by the authors were somewhat dated. Nevertheless, they are still a concern because most of these devices are still in use, especially medical devices.