Symantec says IoT-Enabled Devices should have Better Security Measures

Symantec says IoT-Enabled Devices should have Better Security Measures

Reach more home owners! Advertise with Smart Homes Now!
Reach millions of home owners now! Advertise with us!
Email Us

The Internet of Things (IoT) is definitely a great boon and we’ll likely see a whole bunch of appliances connected to the Internet that we can control.

But there is the matter of security. With that many devices connected to the Internet, it is possible that unscrupulous elements will take advantage of it.

Symantec, a company that makes security, storage, backup and availability software, released  recently a report that states that IoT devices don’t have strong security protocols and measures; this leaves consumers potentially exposed.

Symantec analyzed 50 smart home devices that are available and here’s what they found out:

  • None of the devices use mutual authentication, enforce strong passwords or protect against brute-force attacks.
  • Nearly 20 percent of mobile apps that control these devices do not encrypt data sent to the cloud.
  • A test of 15 smart home cloud interfaces showed 10 web vulnerabilities—many of them critical—one of which could allow an attacker to remotely unlock someone’s house.
  • Unsigned firmware updates for these devices could also allow attackers to take over devices completely.

Check out their infographic below:

Insecurity of The Internet of Things Infographic

The full report,  which can be found here, has some valid points —  some of which are worrying.  IoT enabled devices suddenly locks people out of their homes,  turning on, overheating, damaging appliances or even burning a house down; it’s the stuff of nightmares.

Symantec states that just like any other device that’s connected to the Internet,  IoT-enabled appliances should have strong encryption methods. They also propose that all firmware or applications should be verified through a chain of trust, a series of hardware and software component validations.

Our own recommendation?   How about implementing a  two-step authentication that most online services use? Google, Yahoo, Microsoft use these to authenticate requests for account setting changes such as passwords and other user details. It could potentially stop hackers from accessing user accounts.

Another thing that manufacturers  could do is install biometrics on web  and smartphone applications that control IoT.  That way, users have their  password and  biometric signature (a thumbprint for starters) to access their IoT enabled appliances and devices.

Hopefully these  security issues will be  addressed properly so that consumers can use IoT enabled devices without problems. Smart Homes Now will keep you updated on IoT security issues and more so stay tuned.