Insecure phones, devices creating largest-ever sensor grid (for China) in US homes, says Pepper cyber security report

As an industry, the state of cyber security is a “hot mess,” Scott Ford said candidly.

Scott Ford, Pepper

“Frankly, its at a point where it ought to be concerning to everybody,” Ford, CEO of Pepper IoT, said in response to a new report that examines the state of the IoT space and released as part of a collaboration between Pepper and DarkCubed, a Virginia based, cyber security firm.

“It certainly validated what we suspected and we’ve seen through our own testing of devices in the market,” Ford said of findings from the report — assembled by DarkCubed CEO Vince Crisler and his team. “It highlights the real need for policy, regulation, and responsibility among distributors to source IoT devices [sold in the U.S.]  that operate on U.S.-based platforms.”

Pepper was named one of Startland’s Kansas City Startups to Watch in 2019. Click here for more on why Pepper was selected.

Research for the report was conducted after DarkCubed purchased smart devices from common retailers and monitored how secure they were, in comparison with the security of their backend infrastructure and android apps, the company explained.

A key finding of the report revealed that many tech devices sold in the U.S. have not been through a security review, Crisler said.

“If I’d learned in this assessment that some of these devices were insecure, that wouldn’t have been surprising,” Crisler said. “To see that these devices are designed, manufactured, distributed and sold — and in use in consumer homes — but nobody has ever looked at it from a security perspective? That is what was really surprising to me.”

Other findings included: inexplicable interactions with personal data; unusual levels of communication between the devices and their infrastructure; connections to IP addresses in questionable nation-states; and security practices and policies that were at best, ineffective and at worst, non-existent, the report indicated.

Click here to read the full report.

“I’m not shy anymore about saying, you know, ‘China is making a strategic play in consumer IoT and nobody cares, right?’ [It] is a big problem that we are deploying the largest sensor grid in the history of the world, in the homes of users across the globe,” Crisler explained.  

Vulnerabilities that allow household tech to send encrypted data to China has both Ford and Crisler on edge, as the two look for ways to innovate the IoT space and rid the consumer market of such security risks, they said.

Part of such a fight will include a strategic partnership between the companies, Ford said.

“Both DarkCubed and Pepper are going to work together — but then also independently — to scan the market and identify issues that we see out there and then come together and decide how to expose those problems,” he said. “The goal here really isn’t to scare the heck out of consumers … It’s really about those who have influence, a decision making power in the marketplace.”

In the future, the two companies plan to co-create reports aimed at raising awareness of emerging cyber security threats as a means of promoting thought leadership in the IoT space and starting candid conversations centered around the issue, Crisler added.

Click here to read more about Pepper’s cyber security efforts.