Smart Home Users Failing on Security Basics

Written by

Basic security mistakes such as weak passwords and unpatched firmware are exposing smart homes to heightened cyber-risk, according to Bitdefender.

The security vendor’s latest report, The IoT Threat Landscape and Top Smart Home Vulnerabilities in 2018, is compiled from data collected from its BOX IoT security product and interviews with consumers.

The average home is now filled with 20 smart devices, with 95% of vulnerabilities residing in the firmware, the vendor claimed.

Yet despite 60% of users claiming they’re concerned about identity and data theft and malware infection, many are failing to adequately protect IoT devices. Six out of 10 said they’d never performed a firmware update on their router, a figure dropping slightly to 55% for smart TV owners.

Only 60% of smart device users said they have different passwords for each smart device, while half of smart TV owners admitted they’d never changed their password.

Although 30% are worried about a hacker accessing a smart device camera to spy on them, 70% have at least one camera connected to a vulnerable router, Bitdefender claimed.

The firm said its BOX product blocked 461,718 threats in just a 30-day period, with most of them (76%) dangerous websites.

E-threat analyst, Bogdan Botezatu, argued that weak or single passwords for multiple devices, failure to patch, careless browsing and clicking on suspicious links/attachments can all open the cyber front door of the smart home to hackers.

Yet not only users are to blame.

“Smart device manufacturers share responsibility for the current state of IoT security because most of them are overlooking the security aspect,” he added. “In their rush to launch the product ahead of the competition, they are leaving attack avenues wide open to attackers interested in user sensitive data.”

A BSI kitemark initiative launched earlier this year should make it easier for consumers to choose products which have passed best practice standards for cybersecurity.

What’s hot on Infosecurity Magazine?