According to security provider Bitdefender, just two out of 10 users who technically live in a connected home are actually aware of it. That, and a proliferation of connected devices that is estimated to reach 20 billion by 2020, is creating a massive security shortfall that, if unaddressed, could have catastrophic consequences.
Many ‘Internet of Things’ (IoT) devices, including kettles, toasters and other household items, have default passwords that are easily hacked. Others don’t even have security updates enabled. America’s FCC has laid out a “risk reduction program” for IoT product. But following November’s shock Presidential election result the plan was put on hold.
Bitdefender senior e-threat analyst Liviu Arsene is concerned. “With these smart gadgets, most people just want to add a feature to an everyday task,” he tells Red Herring. “However I don’t think anyone planned for IoT adoption at such a rapid pace.
“The Internet wasn’t built for so many insecure devices, being controlled at the same time,” he adds. Recent months have seen a slew of large-scale hacks, including one that downed some of the web’s biggest sites, and another that cut Internet access across the entire country of Liberia.
Despite these attacks, Arsene says, most people still do not keep security in mind when purchasing IoT products.
“I have no idea why people don’t make a different between what a smart home is and what IoT means,” he adds. “People don’t know they’re living in one. There are 10-15 connected devices in the home but people don’t understand how they are connected to the Internet.
“We’re seeing the same type of behavior as with Windows and other operating systems when they emerged,” says Arsene. “People had no idea about security. The same thing happens with connected devices. People don’t know there are dangers that can be exploited.
“I work in the security industry, and I’ve trained my parents to connect devices securely,” he adds. “Not everybody can do that.”
Bitdefender’s research, which focused on the UK, revealed that only 47% of users have a unique password for each IoT device. 38% have never updated firmware or default software packages.
“What’s clear is the need to safeguard devices within the home,” the company writes. “From smart kettles, fridges, network-connected cameras, smart lights, Internet connected thermostats and even laptops and tablets – everything that connects to the Internet is a potential entry point into the home for hackers.”
In response Bitdefender has released the second generation of its Box, a device able to identify any connected household device and protect from phishing, fraud and network attacks.
“It is able to inform the user which vulnerabilities these devices have, and how the average user can update that device,” says Arsene. “Because if you don’t know, you can’t change it.”
Box 2 uses machine learning to spot users’ Internet traffic habits, and improves on hardware developed for its successful first-generation product. Pre-orders will open this summer, and shipments are expected to begin by the end of 2017 in the US, followed by Europe and Japan.