The race to get new internet-connected products to market and jump on the IoT bandwagon is compromising security and putting customers’ personal data at risk, say security researchers at Context Information Security. A steady flow of stories involving successful hacks into connected devices from lightbulbs and children’s toys to surveillance systems, conference phones and connected cars demonstrates that vendors are not taking cyber threats seriously. It’s not just new products or naïve vendors: big companies are making the same mistakes.
Recent news has shown the potential repercussions for easily hacked IoT devices: they apparently make up a botnet that has been used to bring down sections of the Internet, and is up for hire to allow online criminals to make further attacks. To address these concerns and help companies to design in robust security from the outset, Context has launched a Product Security Evaluation service. Its researchers and penetration testers are working with manufacturers to test new products or software before going to market. They will also test third-party products prior to a customer buying, using or recommending it, in order to make sure they are not exposing themselves or their businesses to risks.
Context researchers have themselves exposed security flaws in a number of IoT products including Wi-Fi lightbulbs, a Canon printer, a Yale smart alarm and Motorola home security cameras. In each case the vendor was informed and Context helped to fix the vulnerabilities.
For more information, visit http://www.contextis.com