Mobile Apps and IoT Devices Are an Overlooked Security Risk by Consumers – and That's a Problem

Today, Norton Setup released findings from a survey of more than 5,000 consumers from the U.S., U.K., Canada, Australia, and Japan about their fears of and forays into the connected world. The survey makes clear that there are two types of people: those who understand smartphones and IoT devices come with risks, and those who do not.  

More than half of respondents globally (56 percent) say the prospect of the financial and banking information stored on their phones being hacked is upsetting. What is more striking is that nearly half either do not care about their information being hacked or they are less concerned about financial hacks than other information being compromised.

For nearly 10 percent of smartphone users, there is not a single thing a hacker could take from their phone that would upset them. This includes text and voice messages, pictures and videos, mobile app-controlled home security cameras and appliances. They see it as a device they talk to friends with and check on social media. They use it to easily manage their money. They don’t think anything bad could happen on a smartphone.

We are seeing this split with IoT devices in the US as well.

Globally, consumers feel just slightly more comfortable using banking and financial apps (56 percent) than apps for home entry (44 percent). We have seen an endless array of IoT devices present severe security weaknesses. Yet in the US, 39 percent of consumers say they would feel secure using a home entry app that allows them to open the door remotely for friends and family.

Getting hacked is not something consumers worry about with the devices they use to monitor their children or to lock their front doors. Most of the research into attacks on IoT devices have focused on attacking the device directly, but there is another way these devices are at risk: many IoT devices are controlled by mobile apps. Control someone’s phone and you can control their IoT devices. The risk to consumers moves from online and into their home – it’s personal.

The point is not to panic, nor is it to stop using these devices. Mobile apps and IoT devices aren’t going away. In fact, 60 percent of US respondents use mobile apps to manage both connected devices and their personal finance. 26 percent control their home entertainment components with a mobile phone, and 16 percent have connected home devices such as security cameras, alarms, home entry systems, baby monitors, light bulbs, light switches, and appliances.

We want the people who are not concerned about hacking to understand the risk.

In January 2016, Norton scanned the approximately 25 million Android apps in our database. 40 percent of the 94 app stores we scanned exhibited malicious behavior. We identified more than 9 million malicious apps and found more than 16 million apps with potential privacy or intrusive behaviors. These apps can send sensitive information from your phone, including your account and device details, browser history, location, and call logs from the device without encryption. The intrusive behaviors include adding browser favorites, putting up big banner ads, or changing desktop images or ringtones.

Staying Safe with Mobile Apps and IoT Connected Devices

Whichever kind of person you are, you need to stay safe. And whatever type of IoT device or mobile app you want to use there are some simple, best practices you can adopt.

Protecting Mobile Devices

• Use a reputable mobile security app. Norton Setup Mobile Security pre-scans Android apps and identifies potential vulnerabilities before downloading from Google Play. You should know what you’re downloading before it gets on your device.
• Download apps from official app stores. Third-party app stores may not put apps through the same rigor as official app stores such as the Google Play Store or Apple’s App Store.
• Be mindful of your app settings. Beware of apps that ask you to disable settings that protect you from installing insecure apps. This makes your device more vulnerable and opens you to attacks.

Protecting IoT Devices

• Keep your device current. Make sure you install the latest updates on your device, whether automatically or when sent from the manufacturer.
• Protect your device. Set strong and unique passwords on these devices. Use a combination of at least eight letters, numbers, and symbols.
• Be stingy with your device. Protect the communication shared between your device and network by using encrypted communication on your home Wi-Fi (like WPA2) to connect the device. Better yet, use a hard-coded network connection, such as a LAN connection. If you have a feature on your device, you don’t use, turn it off.