Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

7/26/2017
10:00 AM
50%
50%

Majority of Consumers Believe IoT Needs Security Built In

Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.

While 90% of consumers across six different countries expect security to be built into their Internet of Things devices, the question about who should be responsible for implementing IoT security is divided, according to a survey released today by Irdeto.

The Irdeto Global Consumer IoT Security Survey, which queried 7,882 consumers in the US, Brazil, China, Germany, India, and the UK, reports that 15% of respondents believe consumers are responsible for implementing the security, while 20% say manufacturers should play that role. Overall, however, 56% believe it is the responsibility of both the consumer and manufacturer.

“While consumers across the globe believe that IoT devices need to have security manufactured into the product in order to prevent against cyberattacks, it’s encouraging that they also recognize the important role they play in IoT security,” says Mark Hearn, director of IoT security at Irdeto, in a statement.

The survey reports that 89% of respondents have at least one connected device in their home and of this group 81% have more than one IoT device. Among the six countries included in the survey, India has the most IoT users with 97% of residents having at least one IoT device in their home. The US has the fewest, with only 80%. 

Read more about the survey here

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
rwsmarine
50%
50%
rwsmarine,
User Rank: Apprentice
8/15/2017 | 3:23:54 PM
nomenclature
wht couldn't the nomenclature of the device be its temp password?  As soon as it comes online or booted the first time a mandatory password change is required.  Quick easy not great but at least its something.  Every device has a sn# to it and their all different
mikeroch
50%
50%
mikeroch,
User Rank: Apprentice
7/27/2017 | 11:40:39 AM
Re: Consumer vs manufacturers 192.168.1.1?
Absolutely agree with Dr. T, the responsibility should majorly be upon the manufacturer, it's simple, I buy some product of some brand, I trust them but due to their mistake I suffer the loss. So, even, knowing that it was good company, they failed to stand on it as they did wrong with the product. So, the 56% should be on the manufacturer side. So, IoT should be much cared by the manufacturer.
Nry2137
100%
0%
Nry2137,
User Rank: Apprentice
7/26/2017 | 12:29:05 PM
Re: Consumer vs manufacturer?
I believe the responsibility resides with both parties. However, in order to understand the responsibilities involved with security, I also believe that both parties, users specifically, need to be educated on their expected responsibilities. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/26/2017 | 10:40:54 AM
Consumer vs manufacturer?
 

"Overall, however, 56% believe it is the responsibility of both the consumer and manufacturer."

I think it should be manufacturer responsibility to secure the device, most customers would not even know how to use the device forget about the security.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/26/2017 | 10:38:42 AM
IoT Security
If the device is doing more than one thing and connected to other devices security should be mandatory. If not and simply ringing the door bell and not connected to other things, why go so much trouble and make it expenses, basic security should be ok.
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Cognitive Bias Can Hamper Security Decisions
Kelly Sheridan, Staff Editor, Dark Reading,  6/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12855
PUBLISHED: 2019-06-16
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
CVE-2013-7472
PUBLISHED: 2019-06-15
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVE-2019-12839
PUBLISHED: 2019-06-15
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2019-12840
PUBLISHED: 2019-06-15
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12835
PUBLISHED: 2019-06-15
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.