Most Britons adopting IoT devices cannot secure them

Two-thirds of UK consumers are concerned about the security of IoT devices – but nearly 75% cannot take steps to secure them, a survey reveals

Despite the fast adoption of internet of things (IoT) devices, 72% of UK consumers admit they do not know how to secure them, a survey has revealed.

At the same time, two thirds of those polled said they were concerned about data theft from their IoT-connected devices, according to a survey of more than 6,000 UK consumers conducted by security firm BullGuard.

Security industry commentators have been warning about the security dangers of IoT devices for a while – but that has not slowed adoption.

“There is little or no effective security in most IoT devices,” David Alexander, managing consultant at PA Consulting, told the Crest Con and IISP Congress 2016.

“There is also a lot of deployment without planning for how it is all going to work – and lots of land-grabs for market share,” he said – meaning companies are more concerned about getting products to market than about ensuring those products are secure.

The BullGuard survey shows that the internet of things is set to become larger and more pervasive in the near future, with more than a quarter of consumers set to buy IoT devices in the next year.

“We were surprised by how quickly IoT adoption seems to be moving – from a handful of early adopters to becoming mainstream,” Paul Lipman, CEO of BullGuard, told Computer Weekly.

CIA weighs in

The number and variety of IoT devices are already increasing rapidly and include products such as internet-connected cars, TVs, thermostats, security systems, baby monitors, cameras and light bulbs.

The survey shows that 78% of consumers are concerned about security risks such as malware and hackers; some 66% are concerned about data collected by device manufacturers being used inappropriately or stolen; while 57% are also anxious about privacy breaches.

The IoT industry has yet to establish common security standards for devices. Smart device manufacturers tend to adopt their own approach to security, while updates to ensure device security are often too technical and complex for consumers to carry out – even for the technically literate.

BullGuard’s research revealed that 22% of consumers who claimed to have advanced technical skills are not confident in their ability to keep their connected devices secure.

The vulnerability of IoT devices has even been acknowledged by intelligence agencies across the world. In recent testimony to the US Senate, James Clapper, the US director of national intelligence, said: “In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking… or to gain access to networks or user credentials.”

Lipman said that, while many people have been working with internet-connected devices for some time, the internet of things is changing their perception of personal security – for themselves and their data.

“It’s not just those who consider themselves ‘technophobes’ that have these concerns – tech-savvy users are saying the same.”

'Tech-savvy' password problems

The survey shows there remain issues to address when it comes to reassuring and educating IoT users, even those who consider themselves technically literate.

Regarding how respondents rated their computer skills, 63% described themselves as "intermediate or advanced".

Although 81% said they are capable of setting up their own router, 63% said they had not changed their router’s password; 49% admitted that they did not know how; and 72% said they did not know how to configure a router to keep a home network secure.

According to BullGuard, router security is essential, because an IoT device provides a gateway to a home network via a router, giving cyber criminals the ability to scope out home networks and remain undetected.

“Consumers are clearly not equipped to handle the security risks presented by connected devices,” said Lipman.

“With devices such as security cameras, alarm systems and door locks now being connected to the internet, physical security is becoming as much of a consideration for consumers as data security. Keeping these devices secure is absolutely imperative.”

Antivirus supplier opportunity

Consumers are looking to antivirus suppliers to help them solve this problem, the survey shows, with 44% of respondents saying antivirus suppliers are responsible for securing their connected devices, rather than the device manufacturer or the internet service provider.

“In the consumer world today, the security market is really an endpoint security market,” said Lipman.

“But as more IoT devices find their way into the home, we are going to have to introduce more network security-like technologies into the home to keep pace because the risks are going to outstrip current security products,” he said.

Lipman notes that, while endpoint security works well for PCs, tablets and smartphones, many IoT devices do not have the capacity to run endpoint security software.

“If you have a home with tens of IoT devices all talking over the internet to a variety of services, the way you will have to do security in that scenario is at the network level,” he said.

Lipman said the survey results show that antivirus products essentially have a mandate from consumers to help them solve the emerging problem.

“There is some innovation happening in the market – so that is going to be the next major area of security innovation and investment,” he said.

Practical steps for IoT security

In the meantime, Lipman said users of IoT devices should:

  1. Ensure their conventional device software is up to date and security-patched;
  2. Change default passwords on routers and IoT devices wherever possible;
  3. Ensure router security settings and software are up to date;
  4. Enable encrypted communications wherever possible.
