IoT : Devices Currently Might Not Provide Adequate Safety

A recent study carried out by the researchers from HP for checking safety of 10 different categories of objects related to the Internet of Things (IoT), showed how the devices are extremely vulnerable for not following the adequate safety standards. In previously published two articles – Internet of Things, Cloud and Espionage of Safety and Impact IoT (Internet of Things) Will Deliver To the Security Firms, we expressed the concern about security and privacy of the common users.

In the published paper, tests involved the most common categories of IoT devices, namely – TVs, webcam, hub for controlling multiple devices, electronic locks, anti-theft systems and systems for automatic opening garage doors and entrance of home.  Each device was connected to its cloud service or a mobile device and was able to control it using specialized applications, in the way they are intended to work.

IoT : Different Devices Is Not Following Adequate Safety Standards

The researchers identified 250 vulnerabilities that would allow a potential attacker to act with extreme creativity, ranging from problems related to the privacy of users to flaws in cryptographic protocols and interfaces of the web administration. The methods to upgrade firmware returned some unsafe methods and protection systems for the login credentials were inadequate.

The following other main points which emerged from the research:

1. 6 out of 10 devices using web interfaces which are known to be vulnerable and are not used now
2. 70% of the devices using network services which are not protected by encrypted protocols, this exposes the devices that connect to cloud services and mobile applications to become Man-in-the-Middle Attack (MITMA)
3. 80% of the devices used default passwords which are inadequate and easy to guess (1234, 123456, 0000 and so on)
4. In 60% of the devices a security protocol that secures the connection of the device during the reception of updates is absent. The updated files are kept without any protection

IoT Different Devices and Made in China Products

So, this is the current situation of the devices which are intended to be used by the consumers, as IoT devices manufactured by so called A Grade brands. It is quite difficult to predict, what can happen with the assumed to be manufactured low cost IoT devices by the new companies which probably will not follow a strict Quality Control checking from the countries like China. China itself is not responsible for the worldwide hatred towards the Made in China products, it is some of the manufactures, who basically catch the consumers with low budget with their inferior products, with some compromise in the typical rules which any manufacturing industry should follow. With these so called “Made in China” IoT devices without proper quality control, it is possible for any third party to run spyware activities.