Nine Questions to Ask to Determine IoT Device Safety


The holidays are almost upon us.  All around the globe, people are purchasing the latest and greatest gadgets as gifts. Consumers will be linking their new of Internet of Things (IoT) thermostats, doorbells, baby monitors, security cameras, home appliances and even GPS pet trackers to the internet in droves.

On the heels of the holiday season, the International Consumer Electronics Show will take place in Las Vegas, Nevada,  where device manufacturers reveal a whole new crop of IoT devices set to hit the market in 2017. now has a team of “Smart Home” consultants who come to your house to help you wade through automation, Wi-Fi, ZigBee, Alexa and a sea of other “things” for your homes.

That’s a lot of IoT devices connecting to the internet!  A couple of years ago, I asked a group of people how many “things” did people have that were connected to the internet.  At the time, the largest number was 29 from any home user.  Today, that number is not uncommon. In fact, Gartner says 6.4 billion connected “things” will be in use in 2016, up 30 percent from 2015.  By 2020, it is estimated that the number of connected devices is expected to grow exponentially to 50 billion.

Smart city Internet of Things and Information Communication Technology

While IoT brings forth many benefits to consumers—from convenience to energy efficiency, to monitoring babies and locating lost pets—it also brings risk.  The Mirai botnet enslaved 152,000 IoT devices including: Smart TVs, refrigerators, and other smart household appliances.  These IoT devices were used them to take out the Dyn DNS Server this September.

[You might also like: Is Heat Your Thermostat’s First Priority?]

As a consumer, you might think… “why should I care if my device is involved in a DDoS attack? As long as it works, I don’t mind.” Well, some 20,000 residents in Finland found out the hard way why it matters, when their building’s IoT connected thermostats stopped functioning because the devices were enslaved to a botnet conducting a DDoS attack (By the way, it’s cold in Finland in November).

Whether you are a consumer considering a connected device as a gift for the holidays, or a reporter about to review the next wave of IoT devices launching at CES, we have put together a list of questions you should ask before diving in:

  1. What are you (the manufacturer) doing to protect devices from botnet enslavement?
  2. If the device does become enslaved, will it still perform its primary function?
  3. If it breaks during a DDoS attack, will you (manufacturer) honor the warrantee?
  4. What is your security vulnerability disclosure/handling process?
  5. What personal information is stored on the device? Which user accounts (e.g. email, cloud service, etc.)?
    • How do you protect that data?
  6. Which services are enabled by default?
  7. Does it need to be directly exposed to the internet (e.g. using UPnP to create a port-forwarding rule in the internet gateway)
  8. What is the procedure to upgrade the device firmware?
    • How do users receive notifications of updates?
    • Do you offer support for OTA (Over the Air) updates?
  9. Do you provide a web page/contact for security researchers to submit security reports? For example:

Many manufacturers are not ready to answer these questions.  Not only do many manufacturers not include security features in their product development, it’s not even in their scope of thought.  What’s worse, we’ve seen some manufacturers who have command and control enabled by default for eavesdropping!

For the consumers of these devices, you may find that you’re faced with the Wild West of security concerns.  Without having a home firewall or Unified Threat Manager (UTM), how will you know that the devices you’ve bought aren’t spying on you or leaking your personal details? How many consumers even know what a UTM is, or where to purchase and install one?

Companies face the same challenges.  Larger companies segment the devices from their production networks.  The areas where rapid adoption is happening is where the greatest vulnerabilities lay.  We believe that industry standards must to come to the table in 2017.   Secure communication protocols and standards will become public standards and IoT manufacturers will have certifications to these standards.  We predict a major IoT breach is going to happen and perhaps that will be the catalyst toward securing the Internet of Things.


Download Radware’s DDoS Handbook to get expert advice, actionable tools and tips to help detect and stop DDoS attacks.

Download Now


  1. With havin so much content and articles do you ever run into any issues of
    plagorism or copyright violation? My website has a lot of unique content I’ve either
    written myself or outsourced but it seems a lot of it is popping it
    up all over the web without my permission. Do you know
    any methods to help stop content from being ripped off? I’d
    truly appreciate it.

  2. Simply wish to say your article is as surprising. The clearness on your publish is simply spectacular and
    i could assume you’re an expert on this subject. Fine
    together with your permission allow me to take hold of
    your RSS feed to stay up to date with imminent post. Thanks one million and please
    carry on the enjoyable work.

  3. I’m really enjoying the theme/design of your blog. Do you ever run into any web browser compatibility issues?

    A number of my blog readers have complained about my site not working correctly
    in Explorer but looks great in Firefox. Do you have any tips to help fix this issue?

  4. My brother suggested I might like this blog.

    He was totally right. This publish actually made my day.

    You can not imagine just how much time I had spent for this information! Thank you!

  5. My coder is trying to convince me to move to .net from PHP.

    I have always disliked the idea because of the expenses.
    But he’s tryiong none the less. I’ve been using
    Movable-type on a variety of websites for about a year and am worried
    about switching to another platform. I have heard good things about
    Is there a way I can transfer all my wordpress content into it?
    Any kind of help would be really appreciated!

  6. One merthod off ensuring your high likelihood of
    winning big numbers oof money is by choosing what machine the suits you.
    New machnines where you can engage in casino games will
    often be quite expensive. You ccan play this fantasic slot game for
    just 1p annd findd ouut fantastic prizes andd hidden temples for many serious

  7. Fantastic items from you, man. I’ve consider your stuff prior to and
    you are simply extremely wonderful. I really like what you
    have got right here, really like what you are
    stating and the way in which through which you say it. You’re making it enjoyable
    and you still take care of to keep it sensible. I can’t wait to read far
    more from you. That is really a tremendous site.

  8. Great site you’ve got here.. It’s difficult to find excellent writing like
    yours nowadays. I seriously appreciate people like you!
    Take care!!

  9. hello!,I love your writing so so much! share we keep in touch
    extra approximately your post on AOL? I need a specialist on this space to solve my problem.

    Maybe that is you! Taking a look ahead to look you.

  10. What i don’t understood is in truth how you’re not actually much more well-liked than you might be now.
    You are very intelligent. You realize thus considerably on the subject of this topic, made me in my view imagine
    it from a lot of various angles. Its like men and women are
    not fascinated unless it’s one thing to do with Woman gaga!
    Your personal stuffs great. At all times maintain it up!

  11. I believe that is among the most vital information for me.
    And i am glad reading your article. However should statement
    on few normal issues, The website style is ideal, the articles is in reality
    nice : D. Good job, cheers

  12. I believe that is among the such a lot vital info for me. And i am
    glad reading your article. But wanna remark on some basic things, The site style is wonderful, the articles is truly great :
    D. Excellent job, cheers

  13. I was curious if you ever considered changing the page layout of your
    website? Its very well written; I love what youve got to say.
    But maybe you could a little more in the way of content so people could connect with it
    better. Youve got an awful lot of text for only having
    one or two images. Maybe you could space it out better?

  14. you’re in reality a just right webmaster. The site loading
    speed is amazing. It sort of feels that you are doing any unique trick.
    Also, The contents are masterpiece. you’ve done a wonderful process in this topic!


Please enter your comment!
Please enter your name here