Physical, Computer and Network Security News

Stanford University and Avast team up to examine cyber risks of connected homes

Internet security providers Avast have released a report, in conjunction with Stanford University, that looks at the growing adoption of IoT and connected devices in homes around the world, and how this is exposing home networks to increased risk of cyber attack.

The report reveals that about 40 percent of households across the globe now contain at least one IoT device. While figures do not audit Australia or New Zealand independently, in Oceania that number is almost 50 percent. This explosion of connected devices brings with it an associated growth in cybersecurity risks. 

“The security community has long discussed the problems associated with emerging IoT devices,” said Zakir Durumeric, assistant professor of computer science at Stanford University.

 “Unfortunately, these devices have remained hidden behind home routers and we’ve had little large-scale data on the types of devices deployed in actual homes. This data helps us shed light on the global emergence of IoT and types of the security problems present in the devices real users own.” 

The findings have been published in a new research paper, being presented at the Usenix Security Conference 2019, “All Things Considered: An Analysis of IoT Devices on Home Networks.”

The research is the largest global study to date examining the state of IoT devices. Avast scanned 83 million IoT devices in 16 million homes worldwide to understand the distribution and security profile of IoT devices by type and manufacturer. The findings were then validated and analyzed by research teams at Avast and Stanford University. 

The research reveals a complex picture of the IoT ecosystem and subsequent cybersecurity challenges in homes across the world. Key findings include:

  • North America has the highest density of IoT devices of any region, with 66% of homes possessing at least one IoT device, compared to the global average of 40%.
  • 49.2% of homes in Oceania have IoT devices, which places the region slightly behind Western Europe, which is second highest at 53.5%.
  • In Oceania, 30.7% of homes have media devices, 19.8% have work-related IoT hardware and 10.1% have gaming consoles.
  • Even with over 14,000 IoT manufacturers worldwide, 94% of all IoT devices are manufactured by just 100 vendors. 
  • Obsolete protocols like FTP and Telnet are still used by millions of devices; over 7% of all IoT devices still use these protocols, making them especially vulnerable.  

Users contributed data to the study using Avast’s popular Wi-Fi Inspector, which scans home networks for vulnerabilities and identifies potential security issues that open the door to threats. This feature checks the status of your network, devices connected to the network, and router settings. Wi-Fi Inspector helps secure your network to prevent attackers from accessing it and misusing personal data.

The paper further explored the distribution of global IoT vendors. Of particular interest is the information that, while there are 14,000 global IoT vendors listed, fewer than 100 of these are responsible for more than 94% of IoT devices.  

“A key finding of this paper is that 94% of the home IoT devices were made by fewer than 100 vendors, and half are made by just ten vendors,” says Rajarshi Gupta, Head of AI at Avast. “This puts these manufacturers in a unique position to ensure that consumers have access to devices with strong privacy and security by design.” 

By hardening these devices against unwanted access, manufacturers can help prevent bad actors from compromising these devices for spying or denial of service attacks.

As part of the study, Avast identified that a significant number of devices use obsolete protocols such as Telnet and FTP. Seven percent of all IoT devices support one of these protocols.  

This is also the case for 15% of home routers, which act as a gateway into the home network. This is a serious issue as when routers have weak credentials they can open up other devices and potentially entire homes to an attack. 

There is little reason for IoT devices to support Telnet in 2019. Yet, the research shows that surveillance devices and routers consistently support the protocol. Surveillance devices have the weakest Telnet profile, along with routers and printers. This aligns with historical evidence such as the role of Telnet in the Mirai botnet attacks that suggests these kinds of devices are both numerous and easy to compromise. 

This email address is being protected from spambots. You need JavaScript enabled to view it.