OWASP Releases Latest Top 10 IoT Vulnerabilities
The growing list of internet-connected devices brings amazing benefits to our lives—from fitness trackers and the products that control our door locks, appliances, and energy use in our homes to the systems that deliver water and power to buildings. Forecasts project that there will be almost 31 billion IoT devices worldwide by 2020. Inevitably, the sharing of valuable information that brings this convenience also brings security concerns. What are the top security risks when building, deploying, or managing IoT systems?
The Open Web Application Security Project, or OWASP, has released the OWASP Top 10 Internet of Things 2018 list of the highest priority issues. Updated for the first time since 2014, here’s the current ranked list of the top issues and things to avoid:
- Weak, guessable, or hardcoded passwords
- Insecure network services
- Insecure ecosystem interfaces
- Lack of secure update mechanism
- Use of insecure or outdated components
- Insufficient privacy protection
- Insecure data transfer and storage
- Lack of device management
- Insecure default settings
- Lack of physical hardening
It’s no surprise that weak passwords topped the list of security vulnerabilities. The growing ecosystem of IoT devices means more connection points and more passwords to manage and remember. Unfortunately, according to a report listing the worst passwords leaked on the Internet during 2018, the top entries, “123456” and “password,” have remained unchanged for the fifth straight year.
The next update to the OWASP IoT project will come in 2020. It will be interesting to see if there are many changes and what they will be.
OWASP is a worldwide not-for-profit organization focused on improving software security. The OWASP Internet of Things Project was developed to help manufacturers, developers, enterprises, and consumers gain a better understanding of security issues when creating and using IoT systems.