Smart Home and wearable technology having a secure platform should be a top priority, but according to the Online Trust Alliance (OTA), a nonprofit group designed to educate businesses and policymakers, security is often overlooked in order to bring products quickly to market.
The OTA says that devices connected to the home or worn by consumers could actually be used as weapons of insecurity if steps are not taken to ensure vulnerabilities are avoided. The OTA says that every vulnerability or privacy issue reported involving the Internet of Things (IoT) since November of 2015 could have been easily avoided.
“In this rush to bring connected devices to market, security and privacy is often being overlooked,” says Craig Spiezle, executive director and president of OTA. “If businesses do not make a systemic change, we risk seeing the weaponization of these devices and an erosion of consumer confidence impacting the IoT industry on a whole due to their security and privacy shortcomings.”
The nonprofit group analyzed reported device vulnerabilities from November 2015 through July of this year from home security vendors, software security firms, consumer and privacy groups, international testing organizations, academic institutions, and governmental and law enforcement agencies.
The OTA found that most of the glaring failures were the result of:
- Insecure credential management
- Not adequately or accurately disclosing consumer data collection and sharing policies
- Lack of security testing throughout the development process
- Lack of capability to respond to vulnerabilities
- Insecure or no network pairing control options
- Not testing for common code injection exploits
- Lack of transport security and encrypted storage
- Lack of a substantial plan to deal with vulnerabilities
“Security starts from product development through launch and beyond, but during our observations we found that an alarming number of IoT devices failed to anticipate the need of ongoing product support,” Spiezle says. “Devices with inadequate security patching systems further opens the door to threats impacting the safety of consumers and businesses alike.”
To contact the author of this article, email firstname.lastname@example.org