Digital consumer protection: Numerous security gaps in IoT devices, routers & health apps. Study by the TÜV association and investigations by the BSI reveal many security gaps.
Due to technological progress and an ever-increasing range of new digital consumer products, the digital consumer market continues to grow steadily. At the same time, however, it also offers new attack surfaces for cyber criminals. So what about IT security? The Federal Office for Information Security (BSI) investigated this question. And discovered numerous security deficiencies in IoT devices, WiFi routers and health apps.
Countless security incidents in the IoT area
Only at the beginning of the year did a study by the TÜV Association reveal the security concerns of many German citizens about smart home devices. According to this, 66 percent of those surveyed believed that there was a very high risk that smart devices could become the target of a hacker attack. The new investigation by the BSI makes it clear: The skepticism within the population is definitely justified. Security incidents increased in 2020, especially in the area of IoT applications. Here security gaps in specific products as well as weak points in the central security architecture of IoT devices and hardware in general were discovered. Connected doorbells and smart toys were among the things affected.
So one reported on Security analyzes by an IoT specialist company in the run-up to Christmas of over 7.000 vulnerabilities in 6 randomly selected products, including children's toys. Outdated software with known security gaps, insecure remote maintenance access or inadequate encryption threaten the intimate and privacy of consumers, especially children.
The TÜV association is now countering the dangers associated with such unsafe products in the Consumer Internet of Things (CIoT) with the new CyberSecurity Certified (CSC) mark. This is intended to mark corresponding CIoT products according to the test levels Basic, Substantial and High, ensure more trust among consumers in the future and offer better orientation.
Deficiencies in the IT security of WLAN routers
As the heart of every networked household, the WLAN router - and above all its IT security - is of particular importance. Nevertheless, Stiftung Warentest found in March 2020 that almost half of all routers examined had security deficiencies. This was also confirmed in the “Home Router Security Report 2020” published by the Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE). Here the experts found weak points in all 127 devices tested. With some copies even hundreds. In addition, 46 routers had not received any security updates for at least a year.
Health apps: pent-up demand in terms of IT security
Health apps in particular that work with sensitive data generally have a higher need for protection. Market observation by the BSI showed, however, that despite the high need for protection of the data, there is still a lot of catching up to do in terms of IT security. Among other things, the authority encountered a lack of processes for updates and the handling of weak points or the inadequate implementation of technical and organizational measures.
More on the topic and how manufacturers of IoT devices or routers as well as developers of health apps can protect themselves against security gaps can be found online.
More at TuvIT.de
TÜV information technology
TÜV Informationstechnik GmbH is geared towards testing and certifying security in information technology. As an independent testing service provider for IT security, TÜV Informationstechnik GmbH is an international leader. Numerous customers already benefit from the company's tested security. The portfolio includes cyber security, evaluation of software and hardware, IoT / Industry 4.0, data protection, ISMS, smart energy, mobile security, automotive security, eID and trust services as well as testing and certification of data centers with regard to their physical security and high availability.