We already know that Internet of Things devices tend to have vulnerabilities, and there have been some efforts to establish guidelines for creating a more secure environment. But a new study from Symantec, the company that makes Norton AntiVirus, says that your smart-home devices could be “giving away the keys to your kingdom.”
Research firm Gartner estimates that consumers will be using 2.9 billion Internet of Things devices by the end of 2015, and the group forecasts the total will reach 13 billion by 2020. But in testing 50 smart-home products, Symantec found insecurities like weak authentication and Web-based vulnerabilities that are widely known and could be avoided. “ ‘Security’ is not a word that frequently gets associated with IoT devices,” the company wrote.
Symantec also discusses “local attacks,” in which a hacker breaks the encryption on or otherwise infiltrates a poorly protected home Wi-Fi network. Once inside, it’s much easier for a hacker to compromise anything on the network (including an Internet of Things device), but Symantec points out that some of the products are essentially opening the front door wide for intruders by doing things like transmiting passwords in plain text without protection. At every step of penetration, it gets easier for a hacker to achieve her goals, but that doesn’t mean it should just be effortless.
Though Symantec only looked at smart thermostats, locks, light bulbs, smoke detectors, energy management devices, and hubs, the company says that its findings are also relevant to security alarms, smart video cameras, smart TVs, routers, and networked storage like external hard drives. Symantec has also done similar studies in the past, including one in July that identified extensive weaknesses in fitness trackers.
So what do we do about it? The company says, “Demand better security from the manufacturers of your smart home and IoT devices—only then will things start to improve.”