IoT Security: Government Accountability Office Highlights Risks Posed By Internet Of Things
The Government Accountability Office (GAO) issued a report on the internet of things (IoT) that found the growing popularity of web-connected devices poses a number of concerns involving security, privacy and safety.
The report marks the first in-depth study on the internet of things conducted by the government and notes the potential benefits of the proliferation of internet-connected devices while also acknowledging the threat posed by unsecured devices.
The GAO focused primarily on information security and privacy as two of the primary areas of interest. The report notes many IoT devices and related infrastructure do not have proper information security protocols in place.
A study done earlier this year by Ponemon Institute and sponsored by IBM and Arxan Technologies found 80 percent of apps for IoT products are not tested for security flaws and could be leaking user data.
That lack of security is worsened by the GAO’s findings that many IoT devices collect personally identifiable information such as names, email addresses and dates of birth — in addition to usage information about the device.
The report also notes the potential harm posed by unsecured devices that do not have proper protection, including many that come equipped with default passwords that are easy to guess.
A report from Symantec earlier this year found more than half of all devices come with a default password that is considered insecure while a 2014 report from HP found 70 percent of all IoT devices were vulnerable to attack.
"The IoT brings the risks inherent in potentially unsecured information technology systems into homes, factories and communities. IoT devices, networks or the cloud servers where they store data can be compromised in a cyberattack," the report said.
Failure of device manufacturers to implement adequate security practices resulted in the 2016 DDoS, or distributed denial of service, attack that temporarily took down a number of popular websites and services. That attack was carried out through a botnet comprised of compromised IoT devices, which targeted web services provider Dyn and resulted in services like Amazon, Twitter and Spotify going offline.
The GAO’s report marked the government’s first major review of the internet of things and provides the early groundwork for lawmakers and government agencies to begin further examination of the topic. The report comes months after the Federal Communications Commission under the Barack Obama administration said it intended to lay the groundwork for IoT regulations to improve security.
To conduct this assessment, GAO said it reviewed key reports and scientific literature, convened two expert meetings through the National Academy of Sciences and interviewed officials from the Federal Trade Commission and FCC. The draft report was also reviewed by 10 federal agencies and 12 experts.
© Copyright IBTimes 2024. All rights reserved.