New F-Secure report reveals that the security failings in today’s IoT-connected devices could lead to a descent into a dystopian future.
Act now or pay later, that’s the conclusion found by a new report on IoT security sponsored by F-Secure called “The Internet of Things: Pinning down the IoT.” In the report, experts reviewed by the Cyber Security Research Institute warn that the IoT poses a considerable threat to consumers due to inadequate security and privacy regulations. If the industry doesn’t act fast, the report says, expect a descent into a dystopian future.
There is now estimated to be more IoT devices in use than the total population of Earth, adding to the urgency. Millions of them have already been compromised by the Mirai botnet, say the researchers, and most consumers don’t understand the security risks their devices are vulnerable to or what to do about them. Further adding to the issue are manufacturers that rush devices to market with little or no security features built in, and vulnerabilities such as hard-coded passwords.
“This situation could create an even more frightening scenario than the UK tabloid newspapers’ ‘phone hacking’ scandal, due to a massive adoption of insecure IoT devices,” the report states. “Eventually almost every household device will be online, and they will largely be invisible to the end user as a smart device,” Mikko Hypponen, Chief Research Officer of F-Secure, says in the report. “They will look like dumb devices, but they will be smart devices though they won’t offer any features to the consumer because the real reason for them to be online will be for them to report home and report analytics to the company that built the device.”
The report noted that consumers need to demand security or manufacturers will never make it a priority. The IoT is becoming so widespread that dependency on it is likely to develop, and researchers say governments will need to step in to demand security and privacy regulations.
In the report, Michael Barton, the Chief Constable of Durham Constabulary said: “There needs to be regulation but I’m fighting shy of heavy regulation here. You can’t sell toys with pins in them so that children are blinded. You can’t sell cars where the brakes work intermittently. Nor should you be able to sell something on the IoT that allows people’s bank accounts to be emptied.”