FBI: Deal with your own Internet of Things security

IoT security is the responsibility of the user rather than the vendor it seems.

By Charlie Osborne for Zero Day, Sept. 15, 2015 – 

The FBI has a rather interesting opinion on how users should approach IoT devices and their security. The takeaway? If you want to use it, you'd better know what you're doing -- and keep it off the Internet.

Last week, the law enforcement agency issued a public notice on the Internet of Things (IoT) and the opportunities therein for cybercrime. IoT devices, ranging from connected cars to smart fridges and home security systems, have one thing in common: connection to the Internet and data transfer in some way.

While it's true connecting a device to the Web forges a pathway which may lead a cybercriminal right to your door -- especially if default passwords are in place -- many issues relating to the security of IoT devices lies squarely on the shoulders of the vendor.

Once connected to the Web, over-the-air updates and security patches can be issued, but you often find IoT firmware is left out-of-date. Critical vulnerabilities are discovered in connected home products almost every week, often leading to a vendor scramble to fix security flaws.

 Back