Smart speakers and printers may have useful applications in the workplace but the lack of cyber security in IoT devices makes them a target for hackers
Connected technologies are increasingly making their way into our homes and the workplace – but the security of smart devices has been questioned in a new report.
Cloud security platform Zscaler claims that 91.5% of information shared between smart devices were unencrypted and therefore vulnerable to hacking.
Deepen Desai, vice-president of security research and operations at Zscaler, said: “The rapid adoption of these IoT devices has opened up new attack vectors for cybercriminals.
“And, as is often the case, IoT technology has moved more quickly than the mechanisms available to safeguard these devices and their users.”
How many smart devices are unsecure?
Market intelligence firm IDC has also predicted that IoT spending will reach $745bn (£590bn) in 2019.
Over the period of one month, between March and April 2019, Zscaler recorded 56 million data transactions across its cloud made by 270 different types of smart devices made by 153 manufacturers.
Of the companies on the Zscaler cloud, 1,051 organisations were found to have at least one IoT device.
But over 90% of these devices were communicating using plain text rather than using SSL encryption – the most widely-used system for secure communications over the internet.
The majority of smart devices (52%) communicating over the Zscaler cloud were digital media devices, while smart TVs (17%), wearables (8%) and smart printers (7%) were also regularly used in the enterprise setting.
Despite being the third most popular device, smart printers were the most frequently used item and were responsible for 51% of data communicated through the cloud.
What threat does smart device security pose to businesses?
The findings show that IoT devices could be an easy target for hackers to gain access to business networks, leaving them open to further cyber crime.
Mr Desai added: “The fact is that there has been almost no security built into the IoT hardware devices that have flooded the market in recent years, and there’s typically no way to easily patch these devices.
“While many businesses have thought security for IoT devices unnecessary because nothing is stored on the devices, this isn’t the case.
“The Mirai botnet attack illustrated how exposed companies can be as a result of their IoT devices.”
The Mirai botnet targeted smart devices to remotely control them and used their combined computer power to bring down other companies’ servers.
New UK cyber security laws for smart devices
In May this year, the UK government announced plans to introduce new laws to better protect consumers that use smart devices.
The new laws would mean that manufacturers that wanted to sell IoT devices in the UK would have to build basic cyber security features into all their products – from smart fridges to smart TVs.
Each device would also have to be sold with a label that informs customers of how secure it is.
National Cyber Security Centre (NCSC) technical director Dr Ian Levy said: “Serious security problems in consumer IoT devices, such as pre-set unchangeable passwords, continue to be discovered and it’s unacceptable that these are not being fixed by manufacturers.
“This innovative labelling scheme is good news for consumers, empowering them to make informed decisions about the technology they are bringing into their homes.”