me1611: how to save the smart home from cyber invasion · 251 55+ 219 sample by age group...
TRANSCRIPT
How to Save the Smart Home from Cyber Invasion
IoT DevCon 2017 Art Swift, President, prpl Foundation
IoT DevCon 2017
Smart Home Security Report 2016
Source: Smart Home Security Report 2016, prpl Foundation, September 2016 - https://prpl.works/smart-home-security-report/
Research Findings
A prpl Foundation Study
September 2016
Smart device adoption has reached a tipping point - the smart home is already here The smart home is woefully insecure due to users’ failure to follow best practices Smart home users prefer security to usability and are prepared to take more responsibility
IoT DevCon 2017
Methodology and demographics
Survey conducted by OnePoll in accordance with the Market Research Society code of conduct - data collected between 22.06.2016 and 01.07.2016
DE 200
FR 200
IT 200
JP 200
UK 200
USA 200
Sample by country
18-24 150
25-34 309
35-44 271
45-54 251
55+ 219
Sample by age group
Male 682
Female 518
Sample by gender
n=1,200 n=1,200 n=1,200
IoT DevCon 2017
Smart device adoption has reached the tipping point
Q1) Which connected devices do you use in your home?
0% 10% 20% 30% 40% 50%
Game console
Wireless printer
Smart TV
Media streaming device
Digital camera with Wi-Fi
Smart watch / Wearables
Home security
Toys
Home surveillance camera
Smart appliance
Top 10 Smart Home devices
0%
5%
10%
15%
20%
25%
0 1 2 3 4 5 6 7 8 9 10
Number of connected devices per smart home
Connected devices per Smart Home
IoT DevCon 2017
Many users never update their home gateway firmware
3) How many months has it been since the firmware on your router at home was last updated?
57%
20%
23%
Home gateway firmware updates
At least once a year Never done Didn't know was possible
IoT DevCon 2017
Many users never configure security settings
Q4) Do you or does anyone else in your household take the following measures to secure your home router?
37%
17%
46%
Home gateway security
Basic (password) Advanced None
0% 10% 20% 30% 40% 50%
Change admin password
Configure firewall policies
Enable MAC filtering
Use guest network for guest devices
Use guest network for home devices
Disable UPnP
Measures taken to secure the home gateway
IoT DevCon 2017
Too many firewall ports are unnecessarily open
Q5) How many services in your home (such as games consoles, VoIP apps such as Skype, etc.) require open ports on your home router firewall?
7%
32%
24%
8%
29%
Internet attack surface [firewall ports open]
Safe 1 - 2 3 - 4 5+ Don't know
IoT DevCon 2017
Most users prefer security over ease of use
Q6) When thinking about connected devices, what do you think is the most important out of the following?
51%
19%
30%
Consumer choice - security vs. ease of use
Security Configurable usability vs. security Ease of use
IoT DevCon 2017
Most users want to be responsible for security
Q7) From the following, who do you think should be most responsible for the security of your connected devices?
60% 20%
20%
Smart home security responsibility
End user Service provider Manufacturer
IoT DevCon 2017
… and would pay a premium for more secure devices
Q8)Which of the following statements best describes your views on connected devices?
32%
42%
26%
Would pay a premium for more secure devices
Security concerns keep me from buying more smart devices
I would pay a premium for more secure devices
I am not concerned about the security of smart devices
IoT DevCon 2017
Top 10 tips for better smart home security
Source: Smart Home Security Report 2016, prpl Foundation, September 2016 - https://prpl.works/smart-home-security-report/
IoT DevCon 2017
prpl Foundation Reference Publications
IoT DevCon 2017
Smart device adoption has reached the tipping point
Q1) Which connected devices do you use in your home?
FR IT DE UK USA JP
Total 5.8 5.0 4.5 2.6 2.4 1.0
0.0
2.0
4.0
6.0
Ave
rage
nu
mb
er o
f d
evic
es p
er s
mar
t h
om
e
Smart devices per household by country
IoT DevCon 2017
Many users never update their home gateway firmware
3) How many months has it been since the firmware on your router at home was last updated?
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
FR
DE
IT
JP
USA
UK
Home gateway firmware updates by country
Every 0-2 months Every 3 - 6 months Every 7 - 11 months Every 12+ months Never done Didn't know was possible Firmware what?
IoT DevCon 2017
Many users never configure security settings
Q4) Do you or does anyone else in your household take the following measures to secure your home router?
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
IT
DE
FR
USA
JP
UK
Users managing the security of their home gateway by country
Basic (password) Advanced None
IoT DevCon 2017
Most users prefer security over ease of use
Q6) When thinking about connected devices, what do you think is the most important out of the following?
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
JP
FR
DE
IT
USA
UK
Consumer choice - security vs. ease of use
Security Configurable usability vs. security Ease of use
IoT DevCon 2017
Most users want to be responsible for security
Q7) From the following, who do you think should be most responsible for the security of your connected devices?
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
UK
DE
FR
IT
USA
JP
Who should be most responsible for security
End user Service provider Manufacturer
IoT DevCon 2017
… and would pay a premium for more secure devices
Q8)Which of the following statements best describes your views on connected devices?
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
UK
USA
JP
DE
IT
FR
Consumers would pay a premium for more secure devices
Security concerns keep me from buying more smart devices I would pay a premium for more secure devices
I am not concerned about the security of smart devices
IoT DevCon 2017
Too many firewall ports are unnecessarily open
Q5) How many services in your home (such as games consoles, VoIP apps such as Skype, etc.) require open ports on your home router firewall?
0% 20% 40% 60% 80% 100%
FR
IT
DE
UK
USA
JP
Internet attack surface by country [number of services requiring open ports on the firewall]
Safe 1 - 2 3 - 4 5+ Don't know