About 40% of households across the globe now have at least one IoT (internet of things) device, bringing with it increased cybersecurity risks, according to a research by Avast, digital security products company, in collaboration with Stanford University.
The research reveals a complex picture of the IoT ecosystem and subsequent cybersecurity challenges in homes across the world.
According to the key findings, North America has the highest density of IoT devices of any region, with 66% of homes possessing at least one IoT device, compared with the global average of 40%.
Even with over 14,000 IoT manufacturers worldwide, 94% of all IoT devices are manufactured by just 100 vendors. Obsolete protocols such as FTP and Telnet are still used by millions of devices. Over 7% of all IoT devices still use these protocols, making them especially vulnerable.
Users contributed data to the study using Avast’s popular Wi-Fi Inspector, which scans home networks for vulnerabilities and identifies potential security issues that open the door to threats. This feature checks the status of a network, devices connected to the network, and router settings. Wi-Fi Inspector helps secure a network to prevent attackers from accessing it and misusing personal data.
While there is a very long tail of over 14,000 global IoT vendors, market dominance is limited to only a few, the paper found.
By hardening these devices against unwanted access, manufacturers can help prevent bad actors from compromising these devices for spying or denial of service attacks.
As part of the study, Avast identified that a significant number of devices use obsolete protocols such as Telnet and FTP. Seven percent of all IoT devices support one of these protocols.
This is also the case for 15% of home routers, which act as a gateway into the home network. When routers have weak credentials, they can open up other devices and potentially entire homes to an attack.
There is little reason for IoT devices to support Telnet in 2019. Yet, the research shows that surveillance devices and routers consistently support the protocol. Surveillance devices have the weakest Telnet profile, along with routers and printers. This aligns with historical evidence such as the role of Telnet in the Mirai botnet attacks that suggests these kinds of devices are both numerous and easy to compromise.
The research is the largest global study to date, examining the state of IoT devices. Avast scanned 83 million IoT devices in 16 million homes worldwide to understand the distribution and security profile of IoT devices by type and manufacturer. The findings were then validated and analyzed by research teams at Avast and Stanford University.