Assessment of 7 million connected devices pinpoints Coolpad devices as most frequently vulnerable mobile hotspots and HP Printers as source of dangerous backdoor
BOSTON, Mass. — February 24, 2016 — New industry research sponsored by Pwnie Express finds that as risk and concern around connected Internet of Things (IoT) devices continues to grow, resources and visibility into such connected devices have stagnated despite the introduction of countless new entry points for malicious actors across the enterprise.
The survey of more than 400 global IT security professionals examines the growing phenomenon referred to as the Internet of Evil Things (IoET) ™. “The Internet of Evil Things: Top Connected Device Threats 2016” shows that as awareness of vulnerable devices grows in 2016, information security (InfoSec) professionals are not ready or equipped to address the growing threat.
The Connected Device Problem
Today, 86 percent of InfoSec professionals are concerned with connected device threats, with 50 percent either “Very” or “Extremely Concerned.” The majority of InfoSec professionals (67 percent) are more worried about connected device threats than they were a year ago, with first- hand experience driving heightened concern: 55 percent have witnessed an attack via wireless device, and 38 percent have witnessed an attack via mobile device.
Due to the proliferation of wireless and mobile devices and the prevalence of BYOD and BYOx environments, IT security professionals seeking visibility find themselves swimming in increasingly murky water, as 37 percent can’t even tell how many devices are connected to their networks. Additionally, 40 percent note their organization is “Unprepared” or “Not prepared at all” to find connected device threats. Diving deeper into the findings, the water seems to get even murkier:
Most security professionals are not ready to monitor or detect less-common RF and off-network IoT Devices.
Eighty-nine percent cannot see Bluetooth devices, and 87 percent cannot monitor 4G/LTE devices in real time.
Seventy-one percent cannot monitor off-network WiFi devices in real time.
Fifty-six percent cannot monitor on-network IoT devices in real time.
Subsequently, the vast majority (71 percent) is concerned with devices in a default, misconfigured, or vulnerable state, including devices with default passwords and “Wide-open” settings. Additionally, more than half (51 percent) are concerned about unauthorized mobile devices, access points and wearables. Corporate sponsored BYOD is also a source of concern (36 percent), as are personal 4G/LTE hotspots and broadband USB dongles (24 percent).
Vulnerable Device Findings: A Real-World Assessment of 7 Million Connected Devices
As part of this research initiative, Pwnie Labs, the research and development division at Pwnie Express, aggregated and analyzed more than 7 million wireless and wired devices detected by the SaaS-based Pwn Pulse platform, which enables broad-spectrum device visibility of BYOx/mobile, wireless, Bluetooth, wired, and other connected devices on and around enterprise networks, to identify the following year-over-year trends when comparing 2014 and 2015 data:
Coolpad devices, at 30 percent, have overtaken Samsung as maker of devices accounting for the most prevalent vulnerable mobile hotspots.
HP Print, at 56 percent, has overtaken Xfinitywifi as the most common default open wireless network.
HP printers are the most prevalent wireless devices deployed in a highly vulnerable default configuration at 56 percent; while exposing confidential print jobs and compromising corporate client devices, these printers can be also used as a backdoor into private corporate networks.
Wireless Access Points (APs) remain vulnerable: 35 percent of APs within the last six to 12 month show weak or no encryption.
“As the IoT universe continues to grow, the corresponding attack surface for malicious actors is growing, giving them an easy and unsecured way into your organization’s most sensitive information – and this has understandably put information security professionals on edge,” said Paul Paget, CEO, Pwnie Express. “Yet, despite ever-growing concerns around the proliferation of connected devices on and around their networks, more than one-third of organizations admit to having no BYOD policy in place at all and only 24 percent actually have a budget in place for BYOD security technology. This tells us that security professionals desperately need help educating the corner office and those in charge of the purse strings about the new evils and dangers their organizations face in our ever-evolving IoT world.”
To download a free copy of “The Internet of Evil Things: Top Connected Device Threats 2016,” please visit: http://info.pwnieexpress.com/2016-ioet-report. For questions or comments, please get in touch with us at firstname.lastname@example.org.
“The Internet of Evil Things Report: Top Connected Device Threats in 2016” is based an online study conducted by Pwnie Express in December 2015. Survey respondents included more than 400 global information security professionals. Additionally, the report includes aggregate analysis of 7 million wireless and wired devices detected by Pwn Pulse, performed by the Pwnie Labs research team.
About Pwnie Express
Pwnie Express provides threat detection of the billions of devices in and around your workplace. By automating wireless and wired device detection, Pwnie solutions continuously detect the devices on or around your network that are open pathways for attackers. Pwnie arms your security team to win the BYOD battle with the ability to detect and fingerprint any device, from phone to thermostat, in order to prioritize your security response, reduce alert fatigue, and provide situational intelligence. See all the things you’re missing at pwnieexpress.com or @PwnieExpress.