As the holiday shopping season looms on the horizon, sales of connected devices are expected to flourish. From a plethora of intelligent assistants to smart fitness mirrors and connected doorbells, there is a connected device for you. However, these devices are often a hacker’s prime target due to lax security.
While a lot of time and money is invested in the features and functionality of these devices, security is often woefully neglected in the rush to get products to the market. This has been a key driver in manufacturers deploying default passwords as standard and failing to ensure that software is frequently updated.
The looming regulation in California — coming into effect in 2020 — should help to reduce the use of default passwords, but it will not eradicate them. It is the first regulation in the U.S. that will help ensure manufacturers of IoT devices equip their products with security features out of the box.
However, many manufacturers appear to be ignoring the pending regulation, as evidenced by the 600,000 GPS trackers that were recently manufactured in China and shipped across the globe. These devices have a range of vulnerabilities, including a default password of 123456. Making the situation worse, these devices were meant to help parents track their children. This is just the tip of the iceberg in terms of the magnitude of the default password problem.
It’s clear that the rapid growth of IoT is resulting in many vulnerable devices entering our homes and businesses, expanding the potential attack surface for hackers. By 2020, a staggering 25% of cyberattacks within enterprises will involve IoT devices, according to Gartner.
If manufacturers’ recent track record is any indication, we can expect many organizations to continue to circumvent IoT security regulations. At the same time, the U.S. government shows no urgency in punishing these organizations or enforcing broader policies. As such, the responsibility falls to consumers and employers to take action and mitigate the security risks associated with smart devices.
To do this, consumers and employers must explain the steps people need to take to protect their personal information when using connected devices. For home users and enterprises alike, this means replacing default passwords before devices connect to the network. It is also important that the new password is strong, unique and uncompromised before the device is used or connected.
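As an added example (not part of the original article), the following sketch checks a device inventory against the three criteria above before anything is connected: strong, unique and uncompromised. The default list beyond 123456, the 12-character minimum, the breached-hash set and the inventory itself are constructed assumptions.

```python
import hashlib
from collections import Counter

MIN_LENGTH = 12  # assumed policy threshold, not stated in the article
# "123456" is the default cited in the article; the other entries are constructed.
KNOWN_DEFAULTS = {"123456", "admin", "password"}


def _sha1(password: str) -> str:
    """SHA-1 is used only as a lookup key, the form breach corpora are commonly shared in."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Constructed stand-in for a breached-password corpus, held as digests so the
# cleartext list never sits next to the inventory.
BREACHED_SHA1 = {_sha1(p) for p in ("qwerty123456", "Summer2019!Summer2019!")}


def audit(inventory: dict) -> dict:
    """Map each device to the reasons its password fails; an empty list means it passes."""
    reuse = Counter(inventory.values())
    findings = {}
    for device, password in inventory.items():
        reasons = []
        if password in KNOWN_DEFAULTS:
            reasons.append("default")
        if len(password) < MIN_LENGTH:
            reasons.append("weak")
        if reuse[password] > 1:  # same secret on more than one device
            reasons.append("reused")
        if _sha1(password) in BREACHED_SHA1:
            reasons.append("compromised")
        findings[device] = reasons
    return findings


def cleared_for_network(inventory: dict) -> list:
    """Devices whose password passed every check, in sorted order."""
    return sorted(d for d, reasons in audit(inventory).items() if not reasons)


# Constructed sample inventory (device name -> password set by the owner).
SAMPLE = {
    "gps-tracker": "123456",
    "doorbell": "Summer2019!Summer2019!",
    "fitness-mirror": "maple-orbit-thirteen-kettle",
    "thermostat": "copper-lantern-visits-dune",
    "camera-1": "shared-Passphrase-0001",
    "camera-2": "shared-Passphrase-0001",
}

if __name__ == "__main__":
    for device, reasons in audit(SAMPLE).items():
        print(f"{device:15} {'OK' if not reasons else ', '.join(reasons)}")
```

Length alone is a coarse strength measure; the reuse and breach checks are what catch a long password that is nonetheless unsafe.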
You wouldn’t drive your car without a seatbelt on, and you shouldn’t use a smart device with a default password. It is also recommended that IoT devices are not connected to networks with personal or corporate data. Many security experts recommend connecting them to a hidden guest network with separate security settings.
As the physical and digital worlds continue to blend, security must play an increasingly prominent role, and everyone must educate themselves on how to protect their valuable data. This holiday season, make sure that, in the rush to embrace all things digital, you choose safe passwords and keep your IoT devices off sensitive networks.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.