What are the least secure connected devices?
A journalist was asking my thoughts about the least secure connected devices out there today. Here's my response:
----------
What's insecure? Almost all of the cheaper consumer electronics available on the market today, including toys, light bulbs, weight scales, bread makers, web cams, and more.
There are two major reasons. The first is that most of these are made by hardware manufacturers who have little background in software engineering best practices, let alone security. The result is common security problems, such as default passwords, no support for software updates, little or no encryption, or poor management of cloud servers.
The other reason is economics. We consumers don't make purchasing decisions based on whether a device is secure or not, since we can't easily gauge the quality of security. One result is that manufacturers don't put a lot of effort into security.
I research IoT security, and I basically try to avoid having any of these devices in my house. We do have an Internet-enabled bread maker that my wife got from China (you can use an app to see
the status and control it), but I've asked my wife to unplug it when not using it, because I can't easily tell how good it's security is or what other computers it communicates with.
(Ok, I could examine it, but it would take a fair bit of effort, and I have better things to spend my time on :)
----------
What's insecure? Almost all of the cheaper consumer electronics available on the market today, including toys, light bulbs, weight scales, bread makers, web cams, and more.
There are two major reasons. The first is that most of these are made by hardware manufacturers who have little background in software engineering best practices, let alone security. The result is common security problems, such as default passwords, no support for software updates, little or no encryption, or poor management of cloud servers.
The other reason is economics. We consumers don't make purchasing decisions based on whether a device is secure or not, since we can't easily gauge the quality of security. One result is that manufacturers don't put a lot of effort into security.
I research IoT security, and I basically try to avoid having any of these devices in my house. We do have an Internet-enabled bread maker that my wife got from China (you can use an app to see
the status and control it), but I've asked my wife to unplug it when not using it, because I can't easily tell how good it's security is or what other computers it communicates with.
(Ok, I could examine it, but it would take a fair bit of effort, and I have better things to spend my time on :)
Comments