OTA Report Says All IoT Vulnerability is Avoidable

IoT security and privacy concerns are top of mind for any knowledgeable developer or implementation company in the industry. Now, a new report from the Online Trust Alliance (OTA) says that 100 percent of them are avoidable through good practice, at least on the consumer side.

The OTA is a not-for-profit organization with the mission to enhance online trust, and it has announced that every vulnerability or privacy issue reported for consumer connected home and wearable technology products since November 2015 could have been easily avoided. Specifically, OTA found that if device manufacturers and developers had implemented the security and privacy principles outlined in the OTA IoT Trust Framework, the recently reported susceptibilities would never have occurred.

 “In this rush to bring connected devices to market, security and privacy is often being overlooked,” said Craig Spiezle, Executive Director and President, OTA. “If businesses do not make a systemic change we risk seeing the weaponization of these devices and an erosion of consumer confidence impacting the IoT industry on a whole due to their security and privacy shortcomings.”

The OTA IoT Trust Framework is the first global, multi-stakeholder effort to address IoT risks comprehensively. It includes a baseline of 31 measurable principles which device manufacturers, developers and policy makers should follow to help maximize the security and privacy of the devices and data collected for smart homes and wearable technologies. OTA began developing the framework in February 2015, and released it formally in March 2016. This release reflected feedback from nearly 100 organizations including ADT, American Greetings, Device Authority, Infoblox, Malwarebytes, Microsoft, the National Association of Realtors, Symantec, consumer and privacy advocates, international testing organizations, academic institutions, and U.S. governmental and law enforcement agencies.

 “The Online Trust Alliance’s IoT Trust Framework includes valuable principles that companies should embrace to make sure consumer smart home technology is secure, private and sustainable for the future,” said Tom Salomone, President, National Association of REALTORS and broker-owner of Real Estate II in Coral Springs, Florida. “Device vulnerabilities need to be understood and addressed in order to protect what is near and dear to anyone using smart and connected device technology in their home.”

To come up with its findings, OTA researchers analyzed publicly reported device vulnerabilities from November 2015 through July 2016 to determine if an OTA IoT Trust Framework principle could have averted them. The “IoT Trust Framework Resource Guide,” which includes examples of the reported vulnerabilities and respective principles, can be found at https://otalliance.org/IoT.

 OTA researchers found the most glaring failures were attributed to:

  • Insecure credential management including making administrative controls open and discoverable
  • Not adequately and accurately disclosing consumer data collection and sharing policies and practices
  • The omission or lack of rigorous security testing throughout the development process including but not limited to penetration testing and threat modeling
  • The lack of a discoverable process or capability to responsibly report observed vulnerabilities
  • Insecure or no network pairing control options (device to device or device to networks)
  • Not testing for common code injection exploits
  • The lack of transport security and encrypted storage including unencrypted data transmission of personal and sensitive information including but not limited to user ID and passwords
  • Lacking a sustainable and supportable plan to address vulnerabilities through the product lifecycle including the lack of software/firmware update capabilities and/or insecure and untested security patches/updates

“Security starts from product development through launch and beyond but during our observations we found that an alarming number of IoT devices failed to anticipate the need of ongoing product support. Devices with inadequate security patching systems further open the door to threats impacting the safety of consumers and businesses alike,” said Spiezle.

OTA revealed its findings at the American Bar Association’s 2016 Business Law Section Annual meeting in Boston, MA.




Edited by Alicia Young