“Almost 4 out of 5 companies examined still fail to implement even basic measures to be able to report security gaps.” This is “unacceptable” and “should worry regulators, end users and corporate customers”. That is the assessment of the Industry Association IoT Security Foundation (IoTSF), which has examined several hundred companies for the third time since 2018 that sell IoT and smart home devices, but also WiFi routers and computers.
The IoTSF is investigating how to report security vulnerabilities to manufacturers of IoT devices.
The IoTSF did not examine the security of the IoT devices, but rather the concepts and policies of the respective manufacturers in order to be able to report security gaps in a comprehensible manner, for example by security researchers. This also means that companies check these security gaps, publish them (Disclosure) and finally close them.
background of the IoTSF investigation from November 2021 (PDF file) is, among other things, that some countries such as the USA and also the EU (ETSI TS 103 701) will soon want to enforce stricter rules for dealing with IoT security gaps. Companies that do not adhere to these rules will eventually no longer be able to sell their products on these markets.
Only 68 of 338 companies examined by the IoTSF have publicly recognizable concepts for dealing with reported security vulnerabilities.
The IoTSF study found clear differences depending on the product category. All of the companies examined that sell smart TVs have implemented publicly comprehensible policies for reporting security gaps, but only around 12.5 percent of manufacturers of networked audio devices, 4.9 percent of manufacturers of smart lamps and 19.6 percent of Manufacturer of “security” products such as electronic door locks and alarm systems.
Time and again, studies come to the conclusion that the security of networked devices is poor. This also applies to networked business devices and medical electronics.
Disclaimer: This article is generated from the feed and not edited by our team.