Rush to market places customers at risk say researchers at Context Information Security
The race to get new internet-connected products to market and jump on the IoT bandwagon is compromising security and putting customers’ personal data at risk, say security researchers at Context Information Security. A steady flow of stories involving successful hacks into connected devices from lightbulbs and children’s toys to surveillance systems, conference phones and connected cars demonstrates that vendors are not taking cyber threats seriously. It’s not just new products or naïve vendors: big companies are making the same mistakes.
Recent news has shown the potential repercussions for easily hacked IoT devices: they apparently make up a botnet that has been used to bring down sections of the Internet, and is up for hire to allow online criminals to make further attacks.
To address these concerns and help companies to design in robust security from the outset, Context has launched a Product Security Evaluation service. Its researchers and penetration testers are working with manufacturers to test new products or software before going to market. They will also test third-party products prior to a customer buying, using or recommending it, in order to make sure they are not exposing themselves or their businesses to risks.
“While the IoT offers exciting new opportunities, security is one of the major issues holding back mass adoption,” said Neil Biggs, Head of Research at Context. “Both established and new vendors are desperate to seize a market lead, but many do not have the cyber security skills and expertise to deliver safe and secure products that stand up to potential attacks in the real world.”
Context researchers have themselves exposed security flaws in a number of IoT products including Wi-Fi lightbulbs, a Canon printer, a Yale smart alarm and Motorola home security cameras. In each case the vendor was informed and Context helped to fix the vulnerabilities.