Vulnerabilities / Threats

7/26/2017
10:00 AM
50%
50%

Majority of Consumers Believe IoT Needs Security Built In

Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.

While 90% of consumers across six different countries expect security to be built into their Internet of Things devices, the question about who should be responsible for implementing IoT security is divided, according to a survey released today by Irdeto.

The Irdeto Global Consumer IoT Security Survey, which queried 7,882 consumers in the US, Brazil, China, Germany, India, and the UK, reports that 15% of respondents believe consumers are responsible for implementing the security, while 20% say manufacturers should play that role. Overall, however, 56% believe it is the responsibility of both the consumer and manufacturer.

“While consumers across the globe believe that IoT devices need to have security manufactured into the product in order to prevent against cyberattacks, it’s encouraging that they also recognize the important role they play in IoT security,” says Mark Hearn, director of IoT security at Irdeto, in a statement.

The survey reports that 89% of respondents have at least one connected device in their home and of this group 81% have more than one IoT device. Among the six countries included in the survey, India has the most IoT users with 97% of residents having at least one IoT device in their home. The US has the fewest, with only 80%. 

Read more about the survey here

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
rwsmarine
50%
50%
rwsmarine,
User Rank: Apprentice
8/15/2017 | 3:23:54 PM
nomenclature
wht couldn't the nomenclature of the device be its temp password?  As soon as it comes online or booted the first time a mandatory password change is required.  Quick easy not great but at least its something.  Every device has a sn# to it and their all different
mikeroch
50%
50%
mikeroch,
User Rank: Apprentice
7/27/2017 | 11:40:39 AM
Re: Consumer vs manufacturers 192.168.1.1?
Absolutely agree with Dr. T, the responsibility should majorly be upon the manufacturer, it's simple, I buy some product of some brand, I trust them but due to their mistake I suffer the loss. So, even, knowing that it was good company, they failed to stand on it as they did wrong with the product. So, the 56% should be on the manufacturer side. So, IoT should be much cared by the manufacturer.
Nry2137
100%
0%
Nry2137,
User Rank: Apprentice
7/26/2017 | 12:29:05 PM
Re: Consumer vs manufacturer?
I believe the responsibility resides with both parties. However, in order to understand the responsibilities involved with security, I also believe that both parties, users specifically, need to be educated on their expected responsibilities. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/26/2017 | 10:40:54 AM
Consumer vs manufacturer?
 

"Overall, however, 56% believe it is the responsibility of both the consumer and manufacturer."

I think it should be manufacturer responsibility to secure the device, most customers would not even know how to use the device forget about the security.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/26/2017 | 10:38:42 AM
IoT Security
If the device is doing more than one thing and connected to other devices security should be mandatory. If not and simply ringing the door bell and not connected to other things, why go so much trouble and make it expenses, basic security should be ok.
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: New camera 2FA closed loop!
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20050
PUBLISHED: 2018-12-10
Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method.
CVE-2018-20051
PUBLISHED: 2018-12-10
Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on.
CVE-2018-20029
PUBLISHED: 2018-12-10
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
CVE-2018-1279
PUBLISHED: 2018-12-10
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on ...
CVE-2018-15800
PUBLISHED: 2018-12-10
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.