The poor security of consumer Internet or Things (IoT) devices poses a threat to enterprise systems. Such products can connect to the networks of companies.
A research team from Stanford University and Avast Software performed antivirus scans on 83 million IoT devices in 16 million households worldwide. Many of these devices turned out to have very poor security, writes Venturebeat.
This includes devices such as computers, routers, mobile devices, voice assistants and security cameras. The researchers also looked at connected devices such as smart lamps and external storage. According to the study, there is at least one IoT device in more than one third of households worldwide. A quarter has three or more.
FTP and Telnet
According to the study, the most serious problems occur with devices that have been in use in households for many years. These include smart TVs, game consoles, printers, security cameras and routers supplied by the ISP.
Many of these devices use outdated FTP and Telnet protocols, with open and weak credentials. These protocols also led to the emergence of the Mirai botnet, which in 2016 took many large websites offline via DDoS attacks.
The researchers therefore warn that the dullest devices cause the most problems, not the new devices that get a lot of attention. “Our main concern is that products made by companies that do not understand network security properly and do not have this as a priority, connect to a network,” says Avast-CEO Ondrej Vlcek.
What can you do now?
The researchers hope that their findings will encourage companies such as Comcast, HP, Roku and PlayStation to do more to secure their products. This can solve a lot of problems, since 90% of appliances worldwide are manufactured by just 100 manufacturers.
Enterprises can now ensure that IoT devices on their network do not use outdated protocols such as Telnet or FTP. In addition, it is good to check whether the administrator interfaces have strong passwords.
It is also recommended to apply network segmentation, separating IoT devices from the important business subnets. In this way, the attack surface is reduced.This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.