New Report Highlights the Unsettling State of IoT Device Security
Dark Cubed reveals significant privacy and security flaws in consumer IoT devices and a lack of attention to the security of these devices by manufacturers and major retailers.
31 Mar, 2021, 08:38 ET
ALEXANDRIA, Va., March 31, 2021 /PRNewswire/ -- Dark Cubed, the cyber security company empowering small and medium sized businesses with affordable, automated network protection, today announced the release of a major update to their "State of IoT Security Report." This report regrettably concludes that IoT security quality has largely regressed in the 2 years since Dark Cubed released its inaugural report on the subject.
"Every day, millions of Americans use myriad Internet of Things (IoT) devices connected to their home networks, purchased from major retailers. Little do they know these devices have little or no security controls resulting in significant privacy and security concerns," noted Vince Crisler, Dark Cubed CEO and principal author of the report. "The largely unfettered exposure these ubiquitous devices have to bad actors and potentially hostile nation states should be alarming to their manufacturers, policy makers, and device users."
The report's conclusions include:
- Every device evaluated had strong supply chain and business connections to China.
- Most devices had at least one network connection to a server based in China.
- Many devices failed basic security checks and had significant, basic vulnerabilities
- Most devices lack even the security required to prevent complete visibility into consumer's private images to anyone in the network path between your house and the IoT provider.
- Most of the Android applications are woefully insecure and were observed sending data to servers in China; Android applications that are installed on our phones with access to every detail of our private lives.
During the course of the study, 10 home automation devices in the $20 to $100 price range were purchased and analyzed using open source tools and the cyber security experience of the Dark Cubed team. The companies branding the devices as well as their technology and data supply chains were also assessed, highlighting not only the complex web of organizations and technologies behind seemingly basic household devices, but also how many of those relationships lead US citizens' personal data back to storage on Chinese infrastructure.
Additionally, basic attack vectors were launched against the devices to identify inherent vulnerabilities to relatively unsophisticated cyber attack techniques, and disconcertingly, nearly all the devices tested failed to include fundamental security mechanisms that would render them invulnerable to such primitive attack techniques.
According to Crisler, "US companies and government agencies spend countless millions protecting against Chinese attacks, but the threat of compromise to the millions of devices in our own homes and the personal and intimate data collected by those devices has been largely ignored. We hope this report will help shine a light on what is the trojan horse many of us have unwillingly welcomed into our homes."
The full report is available now, and can be downloaded at darkcubed.com/iot-security.
About Dark Cubed
Dark Cubed (darkcubed.com) brings information security to the 99% of companies without the resources to implement security today. The Dark Cubed SaaS solution augments existing firewalls to provide enterprise-grade security capabilities at a fraction of the cost and complexity of conventional security products. We partner with MSPs and service providers to secure their customer base, increase revenue, and capture new customers. Founded by a former White House CISO, Dark Cubed is headquartered in Alexandria, VA.
Dark Cubed, CMO
SOURCE Dark Cubed
Share this article