80% of IoT Apps for Your Phone Contain Vulnerabilities
The Internet of Things is the newest fad. Today I heard about Internet-connected sneakers. Apparently, you can change the design at will.
Given that and the lack of any liability on the part of the software developer no matter what happens (when was the last time a software developer was sued for writing a buggy app?), there is not a lot of motivation to write good software.
Pradeo labs studied a hundred apps that control everything from your baby monitor to your garage door and found some unsettling but not surprising facts:
- 80% of the apps had vulnerabilities
- 15% were vulnerable to being taken over
- 8% connect to uncertified networks, including domains that have expired and could be purchased by hackers
- 90% (yes, that is not a typo) leak application data such as application content, device information, video, audio and location.
Information from this post came from Pradeo Security.
Given this, what should a user do?
Unfortunately, there is no easy answer.
First, and this one is hard, don’t be the first on your block to install an app. Let others debug the software.
Second, look for app reviews and especially security info in reviews.
Third, ask the vendor (and not the retailer) about security. If you get blown off or get some fluffy answer, you get the message – security is irrelevant.
Fourth, make distinctions between apps that secure, say, your house and apps that open the blinds. You may not care if your blinds are opened accidentally, but you probably care if a hacker unlocks your house or is watching you and your baby.
And last, be willing to forgo the newest gee-whiz app if you don’t have a good feeling about it.