Will security concerns handicap IoT devices?
In a letter that began, “Dear Target, Walmart, Best Buy and Amazon,” 11 privacy advocates recently urged the retail community to stop selling internet-connected devices that don’t meet minimum security requirements.
As an example of related risks, the letter pointed to the 2017 CloudPets breach, when connected teddy bears exposed 2.2 million voice recordings made between parents and their children.
“It is estimated that by 2020, 10 billion IoT products will be active,” wrote the group, led by Mozilla. “The majority of these will be in the hands of consumers. Given the enormous growth of this space, and because so many of these products are entrusted with private information and conversations, it is incredibly important that we all work together to ensure that internet-enabled devices enhance consumers’ trust.”
The letter arrives as a number of studies attest that many IoT devices, from industrial sensors to webcams, televisions and other smart home devices, have little or no security. And while the damage from credit card breaches has led to surprise charges on billing statements, hackers of IoT devices may gain access to video feeds, conversations, an individual’s location in real time, their health data and more.
In December, a hacker took over a California family’s Nest camera to broadcast audio warnings about a North Korean missile attack. Some high-level concerns include devices coming from China being used to spy on Americans. IoT devices have also proven vulnerable to botnets, when hackers send vast amounts of spam mail to disrupt websites.
By all indications, makers of IoT devices have little incentive to improve security with no uniform regulations and still little apprehension from consumers.
Surprisingly, a survey from security provider Gemalto found that a wide majority of makers and users of IoT technology are looking to legislators for more robust guidelines on security. Almost half (48 percent) of the makers were unable to detect if their IoT devices were breached.
- This Valentines day all we want is products that meet minimum security standards – Mozilla
- IoT security is so bad, many companies can’t tell when they’re hacked – Fast Company
- Almost half of companies still can’t detect IoT device breaches, reveals Gemalto study – Gemalto
- ‘Internet of things’ or ‘vulnerability of everything’? Japan will hack its own citizens to find out – CNN
- New Study Highlights IoT Security and Privacy Flaws in Popular Off the Shelf Devices – CPO Magazine
DISCUSSION QUESTIONS: Will breaches of IoT devices likely become more or less of a headache for retailers in the years ahead? What, if anything, should retailers be doing now to address the situation?