Since the late 1970s, when personal computers and the lure and lore of the internet came within the reach of consumers, to the present day, cybersecurity has been a major issue. From the early hackers, whose forays over dialup internet and intranet connections were more often mischievous than malicious, to the present day’s expert code criminals who have demonstrated the ability to hold the data of law-enforcement agencies for ransom, truly foolproof and reliable cybersecurity is still proving to be somewhat of a pipedream.
Today, the game is changing daily because of the escalation of device connectivity. The internet of things (IoT) is proving to be the greatest source of security issues. With billions of devices being connected to the web and the prospect of trillions of sensors interfacing these devices to a plethora of embedded systems, the tech world is providing a virtual playground for hackers, phishers, ransomware developers, and everything short of a face-to-face stickup.
There appears to be as much research on the topic as there have been topologies developed to thwart the onslaught cyber vandals. Recently, a collaborative study conducted by security-product maker Avast and Stanford University corroborates the observation that greater connectivity results in greater security threats. The collaborators find that 40% of the world’s homes have at least one IoT device in operation, with the US leading the pack at 66% of North American homes riding the IoT.
Heralded as the “the largest global study to date examining the state of IoT devices”, Avast scanned 83 million IoT devices in 16 million homes with the company’s Wi-Fi Inspector. The tool allegedly scans home networks for vulnerabilities and identifies potential security issues and checks the status of the home network, connected devices, and router settings. Avast claims its Wi-Fi Inspector helps secure the network, but how it does this is not explained. However, just note that the study is being performed with a tool provided by one of the study’s collaborators.
Collected data was validated and analyzed by research teams at both Avast and Stanford University. Their findings appear in a research paper titled, All Things Considered: An Analysis of IoT Devices on Home Networks.
What They Found
Acknowledging the ongoing battle against security threats, Assistant Professor of Computer Science at Stanford University Zakir Durumeric claims the data collected in the study will shed light on the security problems present in users’ IoT devices. Significant points the researchers found include:
- Compared to the global average of 40%, North America has the highest density of IoT devices - 66% of US homes possess at least one device.
- With over 14,000 IoT manufacturers worldwide, 94% of all IoT devices are manufactured by 100 vendors.
- Obsolete protocols like FTP and Telnet are still used by millions of devices with over 7% of all IoT devices still using these protocols. This adds yet another layer of vulnerability.
Okay, common knowledge in the tech community, a rule of thumb if you will, is if it’s connected, it’s vulnerable. Once you accept that, the only question is, if it’s connected, how do I protect it? It appears that a lot of folks either don’t know or, perhaps, don’t care.
Avast found many devices, 7% to be approximate, using obsolete protocols, i.e., Telnet and FTP. This also was found to apply to 15% of home routers. These obsolete protocols have notoriously weak credential paradigms, which enables them to bare other network devices to attack. Unfortunately, not much, if anything is being done to put these protocols to bed, permanently.
To be fair, responsibility for good security practices cannot be placed on just one set of shoulders because, another rule of thumb if you will, is no matter what security system is created, no matter how impenetrable, reliable, innovative, and/or foolproof it may be, someone will find a way to hack into it. And the cycle will continue.
Security is a threefold responsibility. First, manufacturers need to make their devices as secure as possible. Second, the systems and software creators need to get their game up to match the vendors. And third, consumers need to come up for air from downfacing into their phones and get smarter about security.
Oh, there is a fourth factor. Perhaps more should be invested in methods of reliably locating the hackers, phishers, and overall cybercriminals and upping the penalties. Perhaps, sentencing them to 99 years in a cell with just a PC running Windows ME and a dialup connection. ~MD