The modern smart home is brimming with a vast array of interconnected devices to help humans preheat ovens, set the ambiance around the house and even remotely feed the family pet. However, these internet-enabled devices also present new security risks and entry points into the home for cybercriminals. On Wednesday, NordVPN released a report outlining the proliferation of smart devices and consumer sentiments regarding responsibility for protecting these devices.
SEE: Security incident response policy (TechRepublic Premium)
“As the research shows, the more devices people own, the more vulnerable they usually are. Manufacturers surely have to take responsibility for the safety of their products, but users play a big part in their own cybersecurity,” said digital privacy expert at NordVPN Daniel Markuson in a press release.
Proliferation of IoT devices and security gaps
The NordVPN report is based on a global survey involving 7,000 people. A portion of the survey asked respondents which IoT and smart devices they had in their homes. Unsurprisingly, Wi-Fi routers/internet hubs topped this list for 63% of respondents, followed by internet-connected televisions (57%) and gaming consoles (36%).
In order, smart speakers a la Echo (featuring Alexa (28%), “fitness or wellbeing devices” such as smartwatches and fitness trackers (24%) and security devices (16%) including door cameras and smart locks round up the top six smart or IoT devices respondents had at home. While 89% of U.S. respondents said they use “some kind of IoT device” at home, 17% said they take “no action to protect” these devices, according to NordVPN.
On the same token, the vast majority of respondents are taking at least some measures to protect these devices. The top security measures taken include adding “antivirus or VPN to smartphone, laptop, and/or tablet on the same network as IoT devices” (42%), changing the default password for Wi-Fi routers (35%) and smart devices (32%) and adding a Wi-Fi router VPN (19%), according to the report.
Interestingly, about one-quarter of respondents (24%) said they do not incorporate any of the listed measures to protect these devices and many feel as though consumers are not responsible for smart and IoT device security.
More than half of respondents believe users and consumers (55%) are responsible for the security protection of these devices, followed by internet service providers (45%) and device manufacturers (41%), according to the report, and a similar number of respondents believe device sellers (19%) and governments (18%) are responsible for device security protection.
“IoT devices, by their very nature, collect and send information. This might be done securely and for a specific purpose, such as an encrypted message to tell your heating to turn off. But it might also be leaky, either through bad encryption (or none at all) or through giving away extra information,” reads a portion of the press release.
SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)
As we previously reported, smart homes could be ripe for a new type of cyberattack, based on the findings of a Georgia Tech study that illustrated the various ways utility companies and nation-states can use IoT devices en masse to manipulate energy markets. The NordVPN release made note of security risks associated with compromised IoT devices, specifically noting a string of hacked Ring doorbells in 2020. (In January, Ring announced that it was launching end-to-end encryption to eligible devices.)
“IoT device makers are in a rush to sell the gadgets as quickly as possible. This means that they are shipping them out with the minimum features required for them to function, shortening the development process and cutting costs as much as possible. This is great for device makers, but horrible news for consumers. When things are rushed, they leave huge gaps in security,” said Markuson.