Norton UK Blog
Mobile Apps and IoT Devices are an Overlooked Security Risk by Consumers – and That’s a Problem
By Kevin Haley, Director, Security Response, Norton by Symantec
Today, Norton released findings from a survey of more than 5,000 consumers from the US, UK, Canada, Australia and Japan about their fears of and forays into the connected world. The survey makes it clear that there are two types of people: those who understand smartphones and IoT devices come with risks, and those who do not.
More than half of respondents globally (56 percent; 52 percent in the UK) say the prospect of the financial and banking information stored on their phone being hacked is upsetting. What is more striking is that nearly half either do not care about their information being hacked or they are less concerned about financial hacks than other information being compromised.
For nearly 10 percent of smartphone users around the world, there is not a single thing a hacker could take from their phone that would upset them. This includes text and voice messages, pictures and videos, mobile app-controlled home security cameras and appliances. They see it as a device they talk to friends with and check on social media. They use it to easily manage their money. They don’t think anything bad could happen on a smartphone.
We are seeing this split with IoT devices in the UK as well.
Globally, consumers feel just slightly more comfortable using banking and financial apps (56 percent) than apps for home entry (44 percent). We have seen an endless array of IoT devices present severe security weaknesses. Yet in the UK, 23 percent of consumers say they would feel secure using a home entry app that allows them to open the door remotely for friends and family.
Getting hacked is not something consumers worry about with the devices they use to monitor their children or to lock their front doors. Most of the research into attacks on IoT devices has focused on attacking the device directly, but there is another way these devices are at risk: many IoT devices are controlled by mobile apps. Control someone’s phone and you can control their IoT devices. The risk to consumers moves from online and into their home – it’s personal.
The point is not to panic, nor is it to stop using these devices. Mobile apps and IoT devices aren’t going away. In fact, 53 percent of UK respondents use mobile apps to manage both connected devices and their personal finance. 21 percent control their home entertainment components with a mobile phone, and 14 percent have connected home devices such as security cameras, alarms, home entry systems, baby monitors, light bulbs, light switches and appliances.
We want the people who are not concerned about hacking to understand the risk.
In January 2016, Norton scanned the approximately 25 million Android apps in our database. 40 percent of the 94 app stores we scanned exhibited malicious behaviour. We identified more than 9 million malicious apps and found more than 16 million apps with potential privacy or intrusive behaviours. These apps can send sensitive information from your phone, including your account and device details, browser history, location and call logs from the device without encryption. The intrusive behaviours include adding browser favourites, putting up big banner ads, or changing desktop images or ringtones.
Staying Safe with Mobile Apps and IoT Connected Devices
Whichever kind of person you are, you need to stay safe. And whatever type of IoT device or mobile app you want to use there are some simple, best practices you can adopt.
Protecting Mobile Devices
- Use a reputable mobile security app. Norton Mobile Security pre-scans apps and identifies potential vulnerabilities before downloading an app. You should know what you’re downloading before it gets on your device.
- Download apps from official app stores. Third-party app stores may not put apps through the same rigour as official app stores such as the Google Play Store or Apple’s App Store.
- Be mindful of your app settings. Beware of apps that ask you to disable settings that protect you from installing unsecure apps. This makes your device more vulnerable and opens you to attacks.
Protecting IoT Devices
• Keep your device current. Make sure you install the latest updates on your device, whether automatically or when sent from the manufacturer.
• Protect your device. Set strong and unique passwords on these devices. Use a combination of at least eight letters, numbers and symbols.
• Be stingy with your device. Protect the communication shared between your device and network by using encrypted communication on your home Wi-Fi (like WPA2) to connect the device. Better yet, use a hard-coded network connection, such as a LAN connection. If you have a feature on your device, you don’t use, turn it off.