The majority of respondents said they had some IoT device in their homes. There was no significant gap between genders, but different age groups had different devices. Younger people were more likely to have smart speakers, game consoles, and children’s devices. In contrast, the likelihood of having no IoT devices went up with age. The number of devices also went up with income. This was more pronounced with devices that were part of house fixtures, such as security or heating and lighting.
Even though having more devices increases the chance of an attack, it doesn’t affect users’ behavior. For example, almost 95% of people in the UK have some IoT device. However, of the countries surveyed, respondents in the UK took the least action against the risks: almost 1 in 5 take no measures to protect themselves. And while people from Canada and the Netherlands have the best security habits, the French are generally safer by having fewer devices to begin with.
More than half of people believe that making sure their devices are safe is solely their responsibility rather than the manufacturers’. Unfortunately, this belief doesn’t reflect in their behavior, creating a privacy paradox. Even when they are aware of potential risks and believe it’s their responsibility to mitigate them, people don’t take any action. This behavior is mostly fueled by the belief that attacks only happen to other people, so users start caring about their privacy only after they’ve suffered from a hack themselves.
The history of IoT is a history of security and privacy problems. Nevertheless, these devices are going to dominate our homes, industries, and cities more and more. Statista reports that the worldwide IoT spending may reach over $1 trillion by 2023. More devices are likely to bring more issues and vulnerabilities that cybercriminals can exploit. However, with the growth of IoT, we also expect to see governments getting more involved, better regulation initiatives, and higher awareness among users.
The best way to avoid IoT risks is not to buy any devices. But as neither users nor manufacturers would like this solution, all of us need to pick up the slack. Users must demand that companies follow the best security practices while taking better care of their own privacy. IoT manufacturers have to come up with additional ways to protect their devices and their users’ data. And government agencies need to regulate this process as the usage of IoT devices grows in both the private and public sectors.
Jules Verne’s Paris in the Twentieth Century is rejected for its dystopian vision of smart technologies.
The Jetsons brought “smart” devices to TV screens, with mishaps aplenty.
TCP is published, a key protocol but a major source of vulnerabilities.
A Coke machine is connected to ARPANET, but Coke engineers aren’t happy.
Talkie Toaster in Red Dwarf shows how annoying smart devices can be.
John Romkey gets in trouble with Interop for his internet-connected toaster.
First use of the name Internet of Things (IoT).
Psyb0t is the first malware targeting routers.
Shodan is launched — a search engine for unsecured devices.
Stuxnet is uncovered — the first worm to attack connected industry systems.
The Carna botnet attacks routers with default or no passwords.
Linux.Darlloz infects IoT devices via a PHP vulnerability.
BASHLITE infects IoT cameras to create DDoS attacks.
Vigilante malware Linux.Wifatch starts fixing vulnerable devices.
Ring doorbell cameras prove easy to hack.
Remaiten malware exploits commonly used passwords.
The Mirai botnet uses thousands of IoT devices for huge DDoS attacks.
Vulnerabilities in connected heart implants reported.
Vigilante malware Hajime fights Mirai.
BrickerBot brute forces Telnet passwords to brick devices.
A series of smart assistant privacy revelations.
A class action lawsuit is brought against Ring for weak security.
Name:Wreck exposes 100 million IoT devices.
To gain a better understanding of the user aspect of IoT, we conducted a survey via CINT. 7000 people were surveyed in total, made up of 1000 people from each of the following countries: Australia, Canada, France, Germany, the Netherlands, the UK, and the US. Participants formed representative samples across gender, age, family situation, and income levels.
The questions revolved around which IoT devices people had in their homes, what measures they took to secure them, and whose responsibility they thought it was to ensure the security of IoT devices. Survey results were cross-referenced with a new user-focused classification of the main vulnerabilities of IoT devices.
The timeline and classification were generated by reviewing the key literature on IoT security and vulnerabilities, as well as looking at press coverages of major attacks.
We analyzed how people share their personal devices and what measures they take to protect themselves and their family members online.
Thousands of users tested their cybersecurity-savvy. Find country rankings and average scores in different demographics.