- Out of 7 billion IoT devices worldwide, nearly 560 million are under security threat.
- Main reasons are implementation of old protocols and use of weak system credentials.
A research conducted by cybersecurity company Avast and Stanford University, has revealed that a huge number of IoT devices use guessable passwords. For the study, Avast’s Home Scanner gathered data (related to user initiated scans) from 83 million devices worldwide. Only those users who explicitly agreed to share data were contacted. Care was taken to employ this data only for research purposes and not for commercial usage.
Vulnerable system protocols
The research discovered a disturbing trend. Over 8 percent of all IoT devices run on protocols such as FTP and Telnet, and a larger percentage of these devices have weak credentials. 8 percent might appear to be a small number, but if spread over approximately 7 billion IoT devices in the world, then that translates to 560 million devices.
“These are old protocols; they are easy and convenient, but burdened with security concerns – they were simply not designed to be secure. The widespread use of these is an indication of the dire state of security of these devices. Coupled with weak credentials, these devices are sitting ducks for malware such as Mirai, not to mention that such vulnerabilities on home routers leave the entire home at risk.” said Deepali Garg, senior Data Scientist at Avast.
What the security community needs to consider
The researchers conclude that it is crucial for the security community to understand the types of IoT devices that consumers install. It is equally important to consider their regional distributions as well, in order to implement a stronger security and privacy network.
“The security community has long discussed the security problems associated with emerging IoT devices. Unfortunately, these devices have long remained hidden behind home routers and we’ve had little large scale data on the types of devices deployed in actual homes. This data helps us shed light on the global emergence of IoT and types of the security problems present in the devices that real users own,” said Zakir Durumeric, a professor at Stanford University.
The researchers added: “We hope our analysis will help the security community focus on developing solutions that are applicable to IoT devices and homes in practice.” The findings will be published in a paper, All Things Considered: An Analysis of IoT Devices on Home Networks, which will be appearing at the USENIX Security this week.