Researchers from Princeton University have revealed that the Internet of Things (IoT) is considerably less secure than we have come to expect.
During a talk at this year’s PrivacyCon, hosted by the Federal Trade Commission, researchers revealed that many smart devices powering the IoT are leaking private information in cleartext – with little-to-no effort to encrypt personal data.
The most notable of their findings was that Alphabet’s popular Nest thermostat was leaking post codes in cleartext. When the researchers reported the bug it was quickly fixed, however it’s unclear how long the hole was open before it was found.
Transmitting data in cleartext isn’t inherently bad, but means that visitors with malicious intentions can easily steal information with very little legwork.
The group studied other IoT devices, such as a smart photo frame that communicated with the internet entirely unencrypted, and a speaker that leaked sensor data, which could be used to track whether or not the user was at home.
The biggest question surrounding the IoT is just how secure these smart devices really are.
Many creators of smart technology are just small startups that don’t really have the technical knowledge, experience or resources to build sophisticated security solutions, leaving users open to attack.
The researchers’ findings paint a grim reality. Some smart devices have such little computing power that they couldn’t perform the necessary encryption processes even if their creators wanted them to, and they’re all designed to send private information over the web.
There is hope that unified platforms could help standardise security and communication, but it is abundantly clear that manufacturers need to begin putting security first, or perhaps regulators should set minimum mandatory standards.
Right now, rock solid standards for the IoT don’t exist. Until they do, consumers may need to spend a little more time considering how happy they are with their information passing through the web without moderation .