Pepper and Dark Cubed’s State of IoT Security Report reveals widespread systemic problems within the IoT.
IoT platform and service provider Pepper IoT has teamed up with cybersecurity company Dark Cubed to present the State of IoT Security Report. The report revealed widespread systemic issues within the IoT and found that so-called smart devices still fail miserably when it comes to security. The State of IoT Report looked at nine IoT devices and applications, testing consumer smart home devices that are available at major retailers across the country.
“Just as retailers wouldn’t sell unsafe toys, tainted lettuce or products with toxic chemicals, they have a responsibility to sell safe and secure IoT devices to consumers. We are highly motivated to partner with Dark Cubed. Their report highlighted some of the key problems in the IoT market that we are solving. We are committed to working with major retailers and device manufacturers to leverage our trusted U.S.-based platform for secure and private consumer IoT management,” said Scott Ford, CEO at Pepper IoT.
Dark Cubed’s experts tested and analyzed the privacy and security of the devices. Rather than try to hack into the devices, the tests looked at how the devices operate as designed and how secure they were doing so. The tests revealed anomalies and communications that could not be explained.
According to the report, key findings of the include:
- Device security is important, but the platform is much more critical: Connected devices require a sophisticated networked platform to manage communications, protect data, identify and patch vulnerabilities, and to deliver a quality experience. Many (potentially most) consumer-connected devices available in U.S. retail today are managed by offshore platforms that have no motivation to protect user data or ensure high-security standards.
- Patching will not fix systemic problems: Devices that are insecure from the moment they were installed have the potential to do immediate damage. These devices must be secure from Day One to ensure the protection of consumer data.
- The market must make security a priority: Several of the devices reviewed were painfully insecure, showing that neither the manufacturer nor its platform provider addressed security. These devices leak sensitive consumer data and open direct lines of communication to servers in countries of concern.
“If we do not address the problem of insecure consumer IoT devices and the lack of respect for consumer privacy soon, it is going to be too late. Just because the space is complex and rapidly developing is not an excuse for retailers and regulators to turn a blind eye. In fact, the opposite is true. Retailers must consider security as a part of their buying processes and government must consider regulations that focus on consumer protections. We are passionate about these issues and excited to work with Pepper IoT in leading change,” said Vince Crisler, CEO, Dark Cubed.