Smart devices are not smart enough to protect from attack say experts

Experts say smart kettles, web cams, and baby monitors are vulnerable to hackers
Publish date:

Internet of Things (IoT) devices are not secure enough to stop a cyber attack, according to experts. Connected devices won’t be able to stop malicious hackers from obtaining sensitive information if the devices are compromised, because the devices do not have the memory required to support security software. 

Experts from the Technology Partnership and the University of Westminster highlighted that generic code and default web access has made IoT devices more vulnerable to cyber attack. 

Mercedes Bunz, a lecturer at the University of Westminster explained how a lack of password security also contributed to the issue: “The problem is that people don’t change their passwords. They just keep their default passwords and they are so easily compromised. They are very easily turned around into a little bot, because that doesn’t need a lot of memory.” 

Product development consultant at the Technology Partnership Richard Sims, accused vendors of assuming customers know how to protect their devices: “If you’re a product development company releasing these products on to the consumer market, it’s unrealistic to expect the consumer to have the knowledge of how to secure these devices, so this has to be considered from the start. 

“The problem is that you can’t install an antivirus system because they are too dumb. It’s not like a personal computer where you can install a firewall.”

Bunz’s and Sims’ observations come after last week’sdistributed denial of service (DDoS) hack, dubbed The Dyn Attack. This hack compromised Twitter, Spotify, Reddit, and other popular sites when cyber criminals were able to access consumers’ connected devices such as printers to bring down the web sites.



How to protect from firmware attacks

Firmware is an often overlooked area when it comes to security, but Simon Shiu, head of Security Lab at HP Labs, believes that more can be done to ensure that devices can be securely updated