The FBI statements put the onus on the consumer to secure the device, but these devices often come with default passwords and customers can’t always be relied upon to carry out the over-the-air updates the companies send for their devices.
Those connected devices in your home that hook up to the web and make the minutiae of daily life that much easier could also leave you exposed to no less than a “drive by” in your own home. And you don’t have to take our word for it, just listen to the FBI.
In a statement issued earlier this month, the Portland, Oregon field office of the FBI warned about these “Internet of Things” smart devices in our homes, saying that “hackers can use that innocent device to do a virtual drive-by of your digital life. Unsecured devices can allow hackers a path into your router, giving the bad guy access to everything else on your home network that you thought was secure.”
The FBI statement then listed several standard cybersecurity practices that consumers can follow, including using long and complicated passwords and performing regular updates of devices, among others.
The statement follows one from late November in which the Bureau warned about the dangers posed by smart TVs, which it said “can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router.”
The FBI is not alone. According to a survey carried out for Karamba Security in the US recently, 50% of consumers are more concerned about their IoT devices being hacked than their home being burglarized. In addition, the survey found that 74% of respondents expected manufacturers to secure these devices prior to sale, and as much as 87% believe it is the responsibility of manufacturers to do so.
The FBI statements put the onus on the consumer to secure the device, by way of measures like using strong passwords or regularly updating the device. The problem is that these devices often come with default passwords and customers can’t always be relied upon to carry out the over-the-air updates the companies send for their devices.
It is imperative that manufacturers install deterministic security in their devices, which will work throughout the product’s entire lifecycle, without requiring a user to regularly install updates. When it comes to IoT security, the writing is on the wall.