4 Out of 5 IoT Device Vendors Fail in Basic Cybersecurity Practices | Lack of Disclosing Security Vulnerabilities

It was found that four out of five Internet of Things or IoT device manufacturers are failing basic cybersecurity practices. This is by not providing a way for certain people to disclose their security vulnerabilities in their products. The result could potentially put users of the device at risk of certain cyberattacks as well as breaches of privacy.

IoTSF Research on IoT Product Manufacturers

As per the research by the IoT Security Foundation or IoTSF, a certain tech industry group that now aims to help secure the IoT, they analyzed hundreds of different popular IoT product manufacturers. They found that just one in five of them advertise a public channel that can be used to report certain security vulnerabilities for them to be fixed.

It was discovered that 21% of vendors offering that kind of channel had risen slightly since last 2020. This is something that the IoT Security Foundation report calls "glacial" progress when it comes to what it describes as a "basic hygiene mechanism." Learn more about the risks of IoT and AI.

'Non Traditional IT Businesses'

This is despite certain countries that include the United Kingdom, United States, India, Singapore, Australia, and the European Union attempting to emphasize the importance of IoT devices cybersecurity and making certain vulnerability disclosures. The report now notes that some of the lack of vulnerability disclosure policy could be attributed to "non-traditional IT businesses" all entering the IoT market for the first time.

These include fashion providers launching their own connected products or even kitchen appliance manufacturers that are also adding some smart features. According to the story by ZDNet, in these particular cases, it is very likely the manufacturer's initial experience of having to think about building their own cybersecurity into products themselves.

Failure to Provide Mechanisms for Reporting Security Vulnerabilities

This was so that vulnerabilities could be able to find their way directly into devices since there is still no set pathway to report them. Nonetheless, the report actually points out how "IoT-related best practice" has mostly been freely available for anyone that can connect to the internet since 2017.

It was also noted that how four out of five companies are all failing to be able to provide a mechanism for reporting security vulnerabilities so they can be fixed is said to be "unacceptably low." Copper Horse CEO David Rogers, the company that is behind the research, gave a statement.

According to David Rogers, it was stated that this is often just the tip of the iceberg. It was said that an insecurity canary will make people realize that these companies would probably also pay less attention to security. Currently, projects like IoTeX is trying to bridge the gap between the internet of things or IoT and blockchain technology.

This article is owned by Tech Times

Written by Urian B.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics