US users worry about identity theft, data leaks but still click on malicious links, use weak passwords, Bitdefender finds

By now, we have all acknowledged the benefits the Internet of Things has to offer not only to the daily lives of consumers, but also to city infrastructures, governments and enterprises.

But how security-aware are consumers? According to a Bitdefender survey, the average US home has about 11 smart devices. Even though users are excited about incorporating connected devices in their lives, the most popular remain smartphones (91%), smart TVs (73%) and tablets (72%).

However, many smart devices are released without in-built security, and because it’s basically impossible to install traditional security on smart devices, users need multi-layered security to protect their smart environments. Otherwise, hackers take advantage of vulnerabilities to launch complex attacks and corrupt devices for larger scale attacks.

Users share the blame – weak, single password used for multiple devices, careless browsing experience and clicking on suspicious links or attachments, as well as failure to update software and firmware, enable hackers to access their home networks.

According to BOX telemetry, 64 percent of attacks blocked consist of untrusted URLs and 25.8% are phishing URLs. 5% of all internet-connected devices ran on weak passwords, representing either hidden or vendor backdoors, as well as weak logins. As many as 50 percent of printers have the weakest password in a US smart home, but only 5% of IP cameras were found with weak passwords. What’s worse, 5 out of 10 smart TV users haven’t updated the software apps on their devices in over a month, while 6 out of 10 users did not perform any firmware updates on their wireless router throughout its lifespan.

The study found identity theft and data leaks are among top concerns for US smart device owners, as a result of unencrypted networks and vulnerability exploits. 61% of smart device users store personal information on their computer or laptop, while only 11% store their information on dedicated storage solutions attached to their home network (NAS).

In 30 days Bitdefender BOX blocked 461,718 threats, out of which 75.97% were web-based (dangerous websites). 95% of vulnerabilities were common vulnerabilities and exposures (CVE), the most common being Denial-of-Service (42%), Overflow (21%), Code Execution (10%), Obtain Information (7%), Bypass Restriction (3.8%), and Memory Corruption (3.4%).

More details on the research can be read and analyzed in The IoT Threat Landscape and Top Smart Home Vulnerabilities in 2018 whitepaper.