Why the Internet of Things is a can of worms and how to keep it sealed

Why the Internet of Things is a can of worms and how to keep it sealed

Security providers need to rethink basic security functions of IoT-enabled applications before they are put to market.

Innocuous devices the Internet of Things search engine Shodan recently found to be vulnerable to cyber attacks include a teddy bear able to remotely send voice messages and a doorbell with a video monitor that can be remotely accessed by a phone. Unchanged default passwords and poor app configuration were discovered as the most prominent flaws affecting these devices.

Tom Lysemose Hansen, founder and CTO of Norwegian app security firm Promon, commented on the importance of comprehensively protecting apps that could present a portal for hackers to intrude into the wider lives of their owners:

“Introducing a single object into a wireless network that is inadequately protected is a straightforward way of exposing personal data to an intruder. Fortunately, according to the security analyst that identified the threat, no external user exploited the attack vectors. This, however, is beside the point: it is typical that a successful attack vector could remain open to exploit data for some time before it is identified and patched.”

Hansen continued: “Part of the vulnerability is due to the ease with which consumer goods can be cracked. If the default passwords are not changed – and I suspect with childrens’ toys this is the case – bypassing them is relatively simple. A patch can be introduced retroactively, but until then, the device could be a single entry point into an entire private network, enabling hackers to uncover sensitive data or relay false information. The model of using default passwords must be put to bed if IoT is to become an integral feature of domestic life, otherwise its associated dangers will overwhelm any perceived benefits.”

According to Gartner, by 2020 a black market worth more than $5billion will exist to sell sensor and video data extracted from IoT devices. This data will allow criminals to access privately held consumer information through man-in-the middle attacks, where attackers can drain data from customers’ accounts through an approved external request.

Hansen said: “The developers of applications are all too eager to crack the simplest and least demanding way of controlling a device remotely, but – in order to maintain IoT’s pace of growth without muddying its image – adequate security must be developed in tandem.”

Hansen continued:

“The security of the IoT hinges on the apps used to access, monitor and control the device – whether it’s a mobile app used to control a doorbell or a teddy bear. It is crucial this app is able to self-protect, otherwise sensitive data, such as passwords, may be leaked and misused. Ideally, the device should verify that it’s being accessed from a trusted app, and this verification process should not rely on single static factors, like default passwords, but multiple factor authentication to ensure the integrity of the private network.

“While the implications of a hacked banking application are widely recognised, wireless consumer goods now pose an uncertain threat. How app developers and manufacturers handle these threats will determine the success and legality of their entry into the consumer IoT market. It’s important that these early incursions on unsafe networks are nipped in the bud with effective security measures, namely the replacement of ineffective or unavailable anti-malware software with perennial in-app security and a more individualised, user-friendly password system.” Hansen concluded.

[su_button url=”http://promon.co/” target=”blank” background=”#df2027″ color=”#ffffff” size=”10″ radius=”0″ icon=”icon: arrow-circle-right”]For more information on Promon click here[/su_button]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Cloud, AI, and Integration: Rhombus on What’s Next in Physical Security

Garrett Larsson, Co-Founder and CEO of Rhombus Systems, explores how cloud, AI, and…
Copyright: Security Buyer

Facial Recognition: Innovation vs. Accountability

Facial recognition technology is advancing with AI, IoT, and privacy-first security, but regulatory compliance, ethical AI, accountability…
ICT

ICT & Milestone unified with new integrations

Integrated Control Technology (ICT) has released paired integrations between Protege GX, and Milestone’s XProtect platforms…
Hanwha

Hanwha Vision and Immix bolster integration

Hanwha Vision and Immix have enhanced their longstanding partnership with a deeper integration that supports industry-leading AI analytics
SESIP

GlobalPlatform to support SESIP IoT evaluation standard

In response to the growing uptake of GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP) methodology, the organization…
IoT

IoT: Secure and Connected

Hannah Larvin, Features Editor of Security Buyer explores how IoT is transforming security with advanced integration and interoperability…
ZeroSSL

HID Enhances Its PKI Offerings with Acquisition of ZeroSSL

HID, a worldwide leader in trusted identity solutions, announces the acquisition of ZeroSSL, an SSL certificate provider based in Austria…
C7000 HERO IMAGE

Greater integrations with the release Command Centre v9

Gallagher Security is proud to announce the latest release of their award-winning security site management software, Command Centre v9 today.
Global Platform

Adoption of GlobalPlatform’s IoT security evaluation standard

GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP) methodology has been adopted as the basis for a European Standard (EN)
biometrics

Embracing Integration, Intelligent Evolution

Managing Editor Rebecca Spayne looks at the UK’s physical security landscape and its transformative shift, converging cyber…
Scroll to Top