IoT Devices List: The Top 11 Most Insecure IoT Devices

Originally published on TechRepublic.

It’s no secret Internet of Things (IoT) devices aren’t the most secure–but what devices are the worst offenders? Tech and security experts told TechRepublic helped develop this IoT devices list to explain which device types were the most insecure.

1. Video cameras

First on this IoT devices list are various forms of video cameras won out, especially those meant to be low cost, consumer options.

“Based on data available, it’s apparent that connected video cameras are currently the least secure connected devices,” Lancen LaChance, vice president of product management, IoT Solutions for GlobalSign, said. “The issues in these devices can be attributed to weak supply chain controls, which has resulted in the insecure and lack of vetted software being incorporated in a range of devices. By incorporating shared access credentials in the designs, a compromise of one camera has exposed entire product lines.”

2. Baby monitors

While new parents may find it convenient to connect smart baby cameras to their smartphone, ASecureLife.com security expert Emily Patterson said most monitors aren’t designed to be secure.

“Some parents may not think to change the default password, which leaves the device open to anyone who knows or finds the simple password to that batch,” Patterson said. “The firmware on these monitors doesn’t necessarily update automatically which, again, leaves them open to hacks.”

3. Environment monitoring sensors

Sensors are necessary for many connected devices, especially things that adjust based on the environment or how many people they sense. While small, they’re not necessarily secure.

“Sensors for environment monitoring and RFID tags for supply chain are typical devices that are connected but have no built-in security in order to keep the cost of devices low enough that it can be widely deployed/adopted,” Raullen Chai, co-founder of blockchain company IoTeX, said. “Security doesn’t come for free; it requires a certain amount of computation, storage, and power. For IoT, there is a natural tradeoff among usability, security, privacy and cost.”

4. Medical devices

Medical devices and monitors can be crucial to keeping patients alive, but some of them may not be the safest.

“Many run on legacy operating systems and are designed to operate for many years on its original design,” Xu Zou, CEO of ZingBox, said. “Imaging devices, patient monitors and infusion pumps, if compromised, can reveal sensitive patient data, and even disrupt critical patient care.”

5. Overlooked office devices

Some of the least secure devices are the ones that don’t really belong to anyone person and are typically unnoticed: Office devices. This can include conference room TVs or connected coffee pots in the break room, Portnox CEO Ofer Amitai said. They are naturally less secure as they’re typically meant for consumers, but bring more risks because they’re in a corporate environment, Amitai said.

6. Children’s toys

Right smack in the middle of this IoT devices list are children’s toys. While much of the consumer IoT space has lower security levels, connected children’s toys may be especially vulnerable.

“IoT toy manufacturers continue to prioritize time-to-market and low cost over more thorough testing and security in an effort to penetrate the fast-moving market,” Zvelo IoT security analyst Louis Creager said. “Devices will need to get significantly more secure–the question is whether that change will be brought about by the device manufacturers, consumers, government regulators, or the network providers.”

7. Cell phones

Not all smartphones are unsecure. But those hosting third-party apps not downloaded from official app stores could run a much higher risk of a security attack.

“On Android and iOS, the AppStore and the Google Play Store provide a level of security,” Julian Weinberger, director of systems engineering at NCP Engineering, said. “Devices which avoid these stores are usually less secure and more likely to be compromised.”

8. Smart door locks

“There has been a lot of discussion around the hacking of connected devices to obtain sensitive information and data, and it seems that smart door locks have been at the center of this,” Randy Petersen, senior sales engineer at Utimaco, said. “These connected home security devices are vulnerable to begin with since they have a very low-end networking and or radio device handling the task of managing the lock, and controlling the access using some form of multi factor authentication.”

Like other consumer-centric items, it seems the cheaper the item is, the more vulnerable it is. Petersen recommends researching the device’s security–it may lead someone to buy a more expensive, albeit more secure, model.

9. Wireless routers

Consumer products can be risky because some consumers are unwilling to pay for extra security, leading to unsold products and low revenue for businesses. One of the victims of this situation are wireless routers, Kevin Hartman, vice president of strategic initiatives at SPR, said.

“The majority of so many of these devices were built years ago at moderate prices and with little regard for a tighter initial setup,” Hartman said of routers.

10. Printers

“Though it might seem surprising, an unconfigured printer can jeopardize the security of a corporate network by leaving it vulnerable to discovery and remote access,” Christoph Schell, Americas region president for HP, said. “This, coupled with the highly sensitive information printers regularly host, make them perfect targets for cybercriminals looking to steal company data.”

The office printer can get a security boost by changing the passwords and limiting access to authorized personnel, Schell said.

11. Connected cars

Last on this IoT devices list are self-driving and connected cars. Emerging as a technology with more connected options being touted at CES 2018, cars are becoming an at-risk IoT device, Josh Jabs, the general manager of IoT solutions at Entrust Datacard, said.

“While there may be other devices, such as connected speakers or washing machines that technically have less security built into them, their privacy and safety risks are much less severe,” Jabs said. “If hacked, the car can provide hackers with access to location and destination information, as well as remote access to the car’s functions such as braking or steering.”