Published on May 31st, 2016 | by Admin
Norton Survey Reveals Australians Overlook Security Risks on Mobile Apps for IoT
SYDNEY, Australia – 31 May 2016 – Norton by Symantec today released survey findings from more than 5,000 consumers from Australia, the USA, UK, Canada and Japan about consumer fears associated with the changing ‘connected world’ and the proliferation of the Internet of Things (IoT). The survey reveals adoption of the use of mobile apps to control connected devices is highest in Australia, with almost two-thirds (63 percent) of the Australian respondents using at least one mobile app to manage their finances or control connected devices such as home entertainment systems, fitness trackers, baby monitors, cars, home entry systems, light switches and smart home appliances.
Despite the high adoption, many Australians overlook the endless array of security weaknesses that may be present in managing IoT devices from mobile apps. For example, more than one in four Australians (28 percent) say they would feel secure using a home entry app that allows them to open the door remotely for friends and family, while they are away from their home. In addition, two-thirds of Australians (66 percent) do not have security software on their smartphones and almost a third (33 percent) choose not to have a password or pin on these devices [1].
While more than half of respondents globally (56 percent; 61 percent in Australia) say the prospect of their financial and banking information stored on their phone being hacked is upsetting, for nearly 10 percent of smartphone users around the world (seven percent in Australia), say there is not a single thing a hacker could take from their phone that would upset them. This includes text and voice messages, pictures and videos, mobile app-controlled home security cameras and appliances.
“There is a general lack of security awareness amongst consumers when it comes to managing IoT devices from mobile apps. Getting hacked is not something consumers worry about with the devices they use to monitor their children, lock their front doors or manage their entertainment systems,” said Mark Gorrie, Director, Pacific region, Norton by Symantec.
“Most of the research into attacks on IoT devices has focused on attacking the device directly, but there is another way these devices are at risk: many IoT devices are controlled by mobile apps and by not protecting these apps, Australians are leaving the door wide open for hackers.”
In 2015, Norton by Symantec scanned approximately 11 million Android apps in its database. Of these apps, 3.3 million were identified as malicious and a further 3 million apps had potential privacy or intrusive behaviours. These apps can send sensitive information from your phone, including account and device details, browser history, location and call logs from the device without encryption. The intrusive behaviours include adding browser favourites, putting up big banner ads, or changing desktop images or ringtones.
“The solution is not to panic, nor is it to stop using these devices. Mobile apps and IoT devices aren’t going away but there are some simple, best practices Australians can adopt to keep their IoT devices and mobile apps secure,” added Gorrie.
Protecting Mobile Devices
- Use a reputable mobile security app. Norton Mobile Security pre-scans apps and identifies potential vulnerabilities before downloading Android apps. You should know what you’re downloading before it is on your device.
- Download apps from official app stores. Third-party app stores may not put apps through the same rigour as official app stores such as the Google Play Store or Apple’s App Store.
- Be mindful of app settings. Beware of apps that ask you to disable settings that protect you from installing unsecure apps. This makes your device more vulnerable and opens you to attacks.
Protecting IoT Devices
- Keep the device current. Make sure you install the latest updates on your device, whether automatically or when sent from the manufacturer.
- Protect the device. Set strong and unique passwords on these devices. Use a combination of at least eight letters, numbers and symbols.
- Secure communications between the device and network. Protect the communication shared between your device and network by using encrypted communication on your home Wi-Fi (like WPA2) to connect the device. Better yet, use a hard-coded network connection, such as a LAN connection. If you have a feature on your device you don’t use, turn it off.
[1] Norton Cyber Security Insights Report, November 2015