The tsunami-sized trend to add intelligence with sensors and actuators and to connect devices, equipment and appliances to the internet poses safety, security and privacy risks.
The authors quantify the risks of Internet of Things (IoT) devices:
- 90% of devices collected at least some information via the device
- 80% of devices, along with their cloud and mobile components, did not require a password complex enough
- 70% of devices, along with their cloud and mobile components, enabled an attacker to identify valid user accounts through enumeration
- 70% of devices used unencrypted network services
- 6 out of 10 devices that provided user interfaces were vulnerable to a range of weaknesses, such as persistent XSS1 and weak credentials.Most risks are perceived to be financial. However, the authors include examples disproving this. Health records can actually be more valuable than banking and credit card information. For example, a health record that includes identity information such as Social Security numbers, addresses, children and jobs can be priced as high as $500 each.
