Story image

Internet users love IoT devices but loathe the lack of security

23 Nov 2018

Internet users across Asia Pacific demand more security and privacy guarantees from Internet of things (IoT) device manufacturers, with many wary of how secure their devices really are.

The Internet Society conducted a survey of 951 internet users, of which 11% were from Australia, New Zealand, and the Pacific Islands.

The survey says that IoT devices are now commonplace. 70% of respondents own at least one IoT devices, and almost half already own three or more devices.

The most popular devices include appliances like smart TVs and fridges, as well as connected wearables, fitness monitors, and voice assistants like Google Home. Virtual reality headsets were also popular.

Despite the widespread reach of those devices, two thirds of respondents said security is a key factor that influences their buying decision.

However, 90% of respondents said they don’t trust IoT manufacturers and service providers to secure their device. 

"There is a need to ensure that manufacturers and suppliers of IoT products and services protect consumers and the privacy of their data. Currently, the measures that are in place do not match the degree of concern from current and future owners of IoT devices,” comments Internet Society regional director of the Asia-Pacific Regional Bureau, Rajnesh Singh.

Main respondent concerns included personal information leaks (81%); hacking devices for criminal purposes (73%); hacking personal information (72%); and monitoring without knowledge or consent (71%).

Of those who don’t own an IoT device, 60% said they’re unlikely to use a device if there’s no guarantees that their personal information will be fully protected.

Despite their concerns, many respondents don’t actually know how to protect themselves.

Only half of respondents who own an IoT device have changed their password; and a third have read both the privacy policy and terms and conditions associated with their device.

Almost 50% of respondents who haven’t changed their device passwords also claimed that their devices don’t have one. Apathy is also evident: 30% decided not to change passwords, and 10% didn’t know how.

Respondents were very clear about what they would like to see in terms of security and privacy protections in IoT devices.

Many respondents said they would purchase IoT devices with a security guarantee, for example a certification label or trust mark.

They signalled requirements such as:

•    The option to delete personal data collected (84%) •    Know what kinds of personal data the IoT device captures (84%) •    Know who can access this information (83%) •    Know how this information is used (77%) •    Know where this information is stored (72%)

Chillisoft rounds out portfolio with file integrity vendor
Tripwire is the fourth vendor for Chillisoft in six months, adding critical security controls, vulnerability management and file integrity monitoring.
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Optic Security Group celebrates Axis accolade
Auckland-based business security systems provider Fortlock has picked up an award at Axis Communications’ annual Oceania Axis Partner Summit 2019.
Managing data to comply with privacy regulations - Micro Focus
It’s crucial for organisations to be able to access, understand, and accurately classify the data they have so they know how to treat it.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.