IoT Devices Are At Risk From Insecure Apps

Today’s average consumer is living in a connected world. In 2018, there were 23.14 billion devices connected to the internet, each making significant impact on our lives without us even noticing. Our front doors, our light fittings and our refrigerators are all getting smarter by the day. It’s estimated that the average American will own 13 internet-connected devices by 2021, and the UK won’t be far behind. Technology is a linchpin of our daily life, and will only continue to grow and the concern for IoT devices at risk is growing rapidly.

Alongside the excitement of new, powerful technologies comes the realities of a connected society. The IoT (Internet of Things) is still in its infancy. Those pioneering the potential of smart devices are also learning as they discover the flaws and vulnerabilities of the software they are building.

New research from Brazil’s Federal University of Pernambuco and the University of Michigan has shown that the Internet of Things is lacking the security it needs to protect the billions of people using smart devices each day. Devices at risk from insecure apps could be as high as 50%. As with every connected device, information is stored on the networks it interacts with and the other devices on there. Any connection to your internet can be a gateway to your information. Through an insecure app, attackers could access usernames and passwords, and even the other devices you use on the same network.

Examples of insecure IoT devices leading to significant breaches are coming to light each month. In America, the data of thousands of gamblers was accessed and removed through the smart thermostat in the fishtank in the lobby. A hospital was sanctioned after the smart devices used to monitor heart conditions were left open, revealing personal patient data.

The study concluded that 50% of the tested devices, which were the 96 most popular Wi-Fi and Bluetooth-enabled devices on Amazon, were vulnerable to attacks. 31% were completely unencrypted, leaving them without any protection. 19% of the devices were encrypted with insufficient protection, and were easily accessed by the researcher tests.

Security on an internet-enabled device is down the the app developer. It’s necessary to secure the app itself, as well as the connections it makes during setups and upon use and the data is stores to do the job. Once the device is in the home, it’s harder to update and protect against new threats – and with multiple connections, or even multiple users, there are plenty of opportunities for a breach. The security has a lot of areas to cover, and a lot of specialisms required that aren’t usually needed to secure other devices. This is why the mobile security landscape for smart devices remains far more vulnerable than the laptops and phones we use every day.

Mobile phone security is the foundation of everything we do at MobiCode. We have created a software that’s designed to make the connected world we live in a safer place to be, eliminating the risk of data breach and protecting device users from threats like this. The issues associated with the Internet of Things need the same level of dedication and attention to detail to prevent serious breaches in future.