The Internet of Things (IoT) is opening the door to both cyber crime and real world crime because of its inadequate cyber security measures.
These are the findings of a new report by application security company Veracode. The firm says that the IoT – the interconnected network of devices and systems that are created with inbuilt links to the internet – is creating risks to both consumers and businesses.
Gartner states that at present there 4.9 billion connected devices in use. But the IT analyst firm predicts that this will grow to 20 billion by 2020, therein highlighting the need to ensure these devices are better designed to fight off cyber attacks and hacking attempts.
Veracode investigated the Chamberlain MyQ Internet Gateway, the Chamberlain MyQ Garage, the SmartThings Hub, the Ubi, the Wink Hub, and the Wink Relay. The findings were that they were poorly equipped in terms of cyber security, which in turn was creating a pathway to robbery, theft of sensitive data or stalking.
The report, titled Internet of Things: Security Research Study, claims: “Businesses are increasingly being breached by attackers via vulnerable web-facing assets; what is there to keep the same from happening to consumers? The short answer is nothing.”
It added: “Already, broad-reaching hacks of connected devices have been recorded and will continue to happen if manufacturers do not bolster their security efforts now.”
In the consumer IoT devices it monitored, Veracode found that a hacker could find out details such as the amount of noise and light in a house or even when a garage door was open, thereby offering them information that could lead to a physical break-in. Moreover, private and sensitive data collected by everyday devices was also at risk if the companies making these devices did not do more to improve their cyber security features, which at present remain too much of an afterthought.
The report concludes: “We need to look at the IoT holistically to ensure that the devices, as well as their web and mobile applications and back-end cloud services, are built securely from their inception. Security should not be treated as an afterthought or add-on, or we risk putting our personal information in jeopardy or even opening the door to physical harm.”