- Security TWENTY
- Women in Security Awards
A non-profit body has unveiled its global study on the use of smart devices in a domestic setting. The report for prpl Foundation, conducted through OnePoll, covers the proliferation of smart device use and security within the home. It surveyed 1200 respondents across the US, UK, France, Germany, Italy and Japan to see what measures people take to secure their smart homes and their attitudes about the security of devices. Findings include:
• The smart home is already here and device adoption in certain cases has reached a tipping point
• The smart home is woefully insecure due to users’ failure to follow best practices
• Consumers prefer security to usability, and they’re prepared to take more responsibility if it means living in a safer home
The study also found that geographically speaking, reported adoption of smart devices per household was strongest in the continental European nations of France (5.8 devices), Italy (5) and Germany (4.5), with the UK (2.6) and US (2.4) around the same level as each other. Japan has an average of just one smart device per home.
Art Swift, president of the prpl Foundation, said: “Little research has been done on a large enough scale to uncover the level of penetration of smart devices in the home, and more importantly, the security implications. What we’ve uncovered is that the smart home is actually mainstream, as 83 per cent confess to having connected devices, not including laptops, computers and smartphones, in use in their homes. Game consoles, wireless printers and smart TVs were the most popular and yet security concerns have been raised about all three over recent years.
“Once it was established how pervasive smart technology in the home is, we also wanted to find out whether consumers are aware of the risks of the connected home and if homeowners would ultimately take responsibility for securing this new cyber domain, just as they would their physical front doors.”
The cyber equivalent to the front door is the home router, as the conduit through which domestic internet traffic passes. But while home owners traditionally lock their physical front doors, the study found that many are failing to secure their smart home by securing their routers. Failure to patch vendor updates could open critical vulnerabilities which hackers can take advantage of to eavesdrop on traffic and hijack smart devices.
The main findings are:
• Over half of respondents (57 per cent) said they updated the router firmware “at least once a year.” But 20 per cent of respondents have never done so, and 23 per cent didn’t even know it was possible.
• Firewall ports should never be opened, yet users often think they need to be open in order for their internet-connected home services to work. An extraordinary 93 per cent of consumers regularly leave one or more ports open on their router firewall.
• Nearly half of respondents (46 per cent) have never configured their router security settings.
As for consumer attitudes towards security and how open they are to trading off usability and minor inconvenience for a more secure device; while consumer electronics makers have often acted on the basis that security interferes with usability – that it’s commercially imprudent to release more secure devices or systems which are slightly less user friendly, the study shows that consumers would favour security over ease-of-use.
Findings in this area include:
• Users are prepared to take more responsibility for security. Some 60 per cent of respondents said they think the home user should take ownership of securing their connected devices, versus the manufacturer (20 per cent) or service provider (20 per cent).
• Over 40 per cent of respondents would generally prefer to pay more for more secure devices.
Cesare Garlati, chief security strategist for the prpl Foundation, said: “As is the case with so many things in life, what users say they would do and what they actually do fail to align, and this has to be down in large part to education. However, it is heartening to see consumer attitudes shifting somewhat and this is something the IoT industry in general would do well to take note of.”