The Unsecured IoT App: 80 Percent Not Tested for Security Errors

Plenty of people are excited about the burgeoning Internet of Things (IoT). From web-connect refrigerators that text you when you need more milk, to autonomous cars that chauffeur you around town, it seems there is always some exciting tech news just on the horizon.

Not to deflate this enthusiasm, but there are growing concerns that IoT is severely lacking in security protocols. In fact, a recent study found that 80 percent of IoT apps aren't test for any vulnerabilities at all! Why the lack of caution?

CyberPolicy's cybersecurity education takes a look at IoT and what you can do to protect your organization against device incursion.

Future Threats Are Here Today
Research conducted by the Ponemon Institute found that 80 percent of IoT apps aren't tested for vulnerabilities, explaining that the lack of urgency to address the risk are sometimes tied to the rapid evolution of technology.

As Arxan Technologies Chief Marketing Officer Mandeep Khera told SC Media, "IoT is still fairly new and due to lack of a big visible hack or a regulation, organizations have a hard time justifying security initiatives."

But while there are short-term financial benefits for not testing security gaps, the long-term negative effects will be faced by consumers and businesses who use these technologies.

Take, for example, the "utterly unsecure internet toaster" created by journalist and coder Andrew McGill. He devised a phony test toaster via a small server purchased from Amazon, "gussied it up to like an unsecured web device" and opened a web port that hackers commonly use to remotely control computers. The result? It was hacked more than 300 times in less than 11 hours.

Want a real-world example? Take the Mirai botnet which crashed the popular DNS provider Dyn in October 2016 with a distributed denial-of-service attack, taking several high-profile websites offline including Twitter, Reddit, Netflix, Airbnb and many more. This was accomplished by hacking and controlling traffic from more than 100,000 hacked IoT devices including home routers, surveillance cameras and baby monitors.

Driverless cars could also be a target for hackers. Two white-hate hackers developed software to remotely control a Jeep Cherokee through a cellular connection in the entrainment system and control its speed, transmission, brakes and steering. Not to mention that a recent data dump from WikiLeaks show that the CIA was interested in hacking smart cars for invisible assassinations.

Admittedly, this last example is not very likely since it is very difficult and requires physical access to the car for remote hacking purposes. But all these examples show there are flaws which can be exploited by the tech-savvy hacker.

With a few readily-available tools, cyber crooks from around the world can infiltrate and control an IoT device in your home or office. To prevent this be sure to:

  • Change the default password on all you IoT devices immediately.
  • Erect firewall protections or VPN access for all your employees inside the office and working remotely.
  • Monitor internet-connected device for suspicious behavior and quarantine it if necessary.

In the end, vulnerabilities in IoT lead to increased hacking, digital eavesdropping, large-scale cyberattacks and even cause physical harm! If you want to protect yourself and your business, it's time to invest in a cyber insurance policy from CyberPolicy. Get your free quote today!

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375