Bitdefender & Netgear report reveals major IoT vulnerabilities
A new report on the security state of Internet of Things (IoT) devices has been published by Bitdefender in collaboration with Netgear. The 2024 IoT Security Landscape Report examines the vulnerabilities prevalent in IoT devices and suggests measures to mitigate such risks. The report draws on data from 3.8 million households worldwide.
One of the critical revelations in the report is that nearly all attacks, amounting to 99.3%, against IoT devices exploit previously identified Common Vulnerabilities and Exposures (CVEs). This finding underscores the necessity for users to ensure their devices are consistently updated with the latest patches and software.
The report shows a dramatic increase in the number of IoT devices, with more than 15 billion devices now connected globally. This expansion has widened the attack surface, making it easier for cybercriminals to target vulnerabilities in IoT frameworks. For example, weaknesses in the ThroughTek Kalay platform have exposed millions to potential privacy breaches.
Bitdefender's smart home security solutions reportedly block approximately 2.5 million threats every day. This constant threat level highlights the importance of robust security measures for home networks. The report identifies specific devices that are particularly susceptible to attacks, including television sets, smart plugs, and digital video recorders (DVRs). Television sets are especially prone to vulnerabilities due to their long operational lifespan and eventual lack of software support.
The report also touches on the risks associated with mobile devices. Findings from another Bitdefender study, the 2024 Consumer Cybersecurity Assessment Report, reveal that 78.3% of respondents use mobile devices for sensitive transactions. Despite this, 44.5% do not employ any form of mobile security solutions, leaving them vulnerable to malware, phishing attempts, and data breaches.
In response to the increasing risks associated with IoT devices, the US government has introduced the Cyber Trust Mark. This certification is designed to help consumers recognise IoT devices that adhere to stringent security standards, such as strong credentials, regular updates, and data protection. While this trust mark aims to guide consumers towards more secure IoT products, its implementation is not immediate. Until then, the report emphasises that securing IoT devices will largely remain the responsibility of individual users.