March 16, 2017
Securing the Internet of Things (IoT) from hackers and cyber crooks needs to be a top concern for manufacturers, consumers and broadband network providers.
More than 26 million U.S. households own at least one smart home device, which represents a 35 percent increase from the beginning of 2016. Half of consumers say privacy is their greatest concern when connecting smart devices to the internet, and 40 percent say they have experienced a privacy or security problem with a connected device in the past year, according to a recent research report from Parks Associates.
Because many consumers just want their devices to be “plug and play,” they expect manufacturers to build IoT devices that are secure directly out of the box. Yet, in the rush to cash in on the smart home boom, many IoT devices do not encrypt their communications or use a form of encrypted transport that is vulnerable to attack. Worse yet, too many manufacturers have short changed security by shipping devices with obvious default protocols such as “admin” and “password.” Consumers don’t realize they need to strengthen weak default passwords and download software updates once their smart garage door opener is online.
The Mirai botnet attack of October 2016, which threw massive amounts of junk traffic at servers that provide DNS services for websites large and small, exploited these weaknesses turning baby monitors and security cams into attack devices.
Government agencies have acknowledged security problems inherent in IoT devices. The National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS) have issued IoT security guidelines, but voluntary recommendations fall short of the legislative action some security experts recommend.
The Federal Trade Commission (FTC) is offering a prize for the creation of an innovative tool that will help protect consumers and networks from security vulnerabilities in the software of home devices connected to broadband networks. The agency is offering a cash prize of up to $25,000 for the best technical solution that would automatically check and install updates for IoT devices on a home network and/or patch hard-coded, factory default or easy-to-guess passwords.