Computer scientists from the US and Brazil have found that about half of IoT apps are potentially exploitable through protocol analysis. Because between 40 per cent and 60 per cent of the apps use local communication or local broadcast communication, there’s a potential attack path.
Dunstan Power, Director at ByteSnap Design:
“It is true that IoT security has had a poor record. Five years ago there was very little regard paid to the security aspects of many IoT devices, which were manufactured to a low cost and not seen as vulnerable.
“The thinking was “what does it matter if someone can turn my lights on and off?” missing the fact that the IoT device could be used as a vector into the system as a whole.
“Penetration testers have raised the profile greatly, though all publicised attacks are not equal, with at one end of the scale attacks that can be done remotely and can allow a critical system to be hacked, through to very convoluted attacks that require a high degree of local access and at the end of it only allow a light to be turned on or off. Quite often the hype around these is a bit hysterical and doesn’t really look at the real probability and outcome of attack classes.”
