Nine Questions to Ask to Determine IoT Device Safety

The holidays are almost upon us.  All around the globe, people are purchasing the latest and greatest gadgets as gifts. Consumers will be linking their new Internet of Things (IoT) thermostats, doorbells, baby monitors, security cameras, home appliances and even GPS pet trackers to the internet in droves.

On the heels of the holiday season, the International Consumer Electronics Show will take place in Las Vegas, Nevada,  where device manufacturers reveal a whole new crop of IoT devices set to hit the market in 2017.  Amazon.com now has a team of “Smart Home” consultants who come to your house to help you wade through automation, Wi-Fi, ZigBee, Alexa and a sea of other “things” for your homes.

That’s a lot of IoT devices connecting to the internet!  A couple of years ago, I asked a group of people how many “things” they had that were connected to the internet.  At the time, the largest number was 29 from any home user.  Today, that number is not uncommon. In fact, Gartner says 6.4 billion connected “things” will be in use in 2016, up 30 percent from 2015.  By 2020, the number of connected devices is estimated to grow exponentially to 50 billion.

While IoT brings forth many benefits to consumers—from convenience to energy efficiency, to monitoring babies and locating lost pets—it also brings risk.  The Mirai botnet enslaved 152,000 IoT devices, including smart TVs, refrigerators, and other smart household appliances.  These IoT devices were used to take out the Dyn DNS Server this September.

As a consumer, you might think… “why should I care if my device is involved in a DDoS attack? As long as it works, I don’t mind.” Well, some 20,000 residents in Finland found out the hard way why it matters, when their building’s IoT connected thermostats stopped functioning because the devices were enslaved to a botnet conducting a DDoS attack (By the way, it’s cold in Finland in November).

Whether you are a consumer considering a connected device as a gift for the holidays, or a reporter about to review the next wave of IoT devices launching at CES, we have put together a list of questions you should ask before diving in:

  1. What are you (the manufacturer) doing to protect devices from botnet enslavement?
  2. If the device does become enslaved, will it still perform its primary function?
  3. If it breaks during a DDoS attack, will you (manufacturer) honor the warranty?
  4. What is your security vulnerability disclosure/handling process?
  5. What personal information is stored on the device? Which user accounts (e.g. email, cloud service, etc.)?
    • How do you protect that data?
  6. Which services are enabled by default?
  7. Does it need to be directly exposed to the internet (e.g. using UPnP to create a port-forwarding rule in the internet gateway)?
  8. What is the procedure to upgrade the device firmware?
    • How do users receive notifications of updates?
    • Do you offer support for OTA (Over the Air) updates?
  9. Do you provide a web page/contact for security researchers to submit security reports? For example: https://nest.com/security/

Many manufacturers are not ready to answer these questions.  Not only do many manufacturers not include security features in their product development, it’s not even in their scope of thought.  What’s worse, we’ve seen some manufacturers who have command and control enabled by default for eavesdropping!

For the consumers of these devices, you may find that you’re faced with the Wild West of security concerns.  Without having a home firewall or Unified Threat Manager (UTM), how will you know that the devices you’ve bought aren’t spying on you or leaking your personal details? How many consumers even know what a UTM is, or where to purchase and install one?

Companies face the same challenges.  Larger companies segment the devices from their production networks.  The areas where rapid adoption is happening are where the greatest vulnerabilities lie.  We believe that industry standards must come to the table in 2017.  Secure communication protocols and standards will become public standards and IoT manufacturers will have certifications to these standards.  We predict a major IoT breach is going to happen and perhaps that will be the catalyst toward securing the Internet of Things.

