Acquired Electronics360

Consumer Electronics

Smart Home Security an Afterthought to Developers

08 September 2016

Smart Home and wearable technology having a secure platform should be a top priority, but according to the Online Trust Alliance (OTA), a nonprofit group designed to educate businesses and policymakers, security is often overlooked in order to bring products quickly to market.

The OTA says that devices connected to the home or worn by consumers could actually be used as weapons of insecurity if steps are not taken to ensure vulnerabilities are avoided. The OTA says that every vulnerability or privacy issue reported involving the Internet of Things (IoT) since November of 2015 could have been easily avoided.

“In this rush to bring connected devices to market, security and privacy is often being overlooked,” says Craig Spiezle, executive director and president of OTA. “If businesses do not make a systemic change, we risk seeing the weaponization of these devices and an erosion of consumer confidence impacting the IoT industry on a whole due to their security and privacy shortcomings.”

The nonprofit group analyzed reported device vulnerabilities from November 2015 through July of this year from home security vendors, software security firms, consumer and privacy groups, international testing organizations, academic institutions, and governmental and law enforcement agencies.

The OTA found that most of the glaring failures were the result of:

  • Insecure credential management
  • Not adequately or accurately disclosing consumer data collection and sharing policies
  • Lack of security testing throughout the development process
  • Lack of capability to respond to vulnerabilities
  • Insecure or no network pairing control options
  • Not testing for common code injection exploits
  • Lack of transport security and encrypted storage
  • Lack of a substantial plan to deal with vulnerabilities

“Security starts from product development through launch and beyond, but during our observations we found that an alarming number of IoT devices failed to anticipate the need of ongoing product support,” Spiezle says. “Devices with inadequate security patching systems further opens the door to threats impacting the safety of consumers and businesses alike.”

To contact the author of this article, email engineering360editors@ihs.com

To contact the author of this article, email Peter.Brown@ieeeglobalspec.com


Powered by CR4, the Engineering Community

Discussion – 0 comments

By posting a comment you confirm that you have read and accept our Posting Rules and Terms of Use.
Engineering Newsletter Signup
Get the Engineering360
Stay up to date on:
Features the top stories, latest news, charts, insights and more on the end-to-end electronics value chain.
Advertisement
Weekly Newsletter
Get news, research, and analysis
on the Electronics industry in your
inbox every week - for FREE
Sign up for our FREE eNewsletter
Advertisement

CALENDAR OF EVENTS

Date Event Location
30 Nov-01 Dec 2017 Helsinki, Finland
23-27 Apr 2018 Oklahoma City, Oklahoma
18-22 Jun 2018 Honolulu, Hawaii
Find Free Electronics Datasheets
Advertisement