THE Dark Reading piece warns that the number of IoT devices in homes and workplaces is ballooning even as security awareness lags behind, exposing networks to credential theft and unauthorised access. Epifani’s research, focusing on devices such as Amazon Echo Dot, Echo Vision, Alexa, Apple TV, Apple Watch and Google Home, along with smart fridges and Roombas, shows that manyIoT products ship with insecure default settings and insufficient passcodes and encryption.
He notes that “with IoT devices, you cannot set a password,” highlighting a gap that can be exploited when devices are connected to the same network as other systems, enabling lateral movement for threat actors. Reused passwords are described as a treasure trove for attackers, and surveillance cameras are identified as a significant risk because they can be used to gain network access when they are older and less protected.
The piece also stresses the danger of discarding IoT gear, since data at rest on devices is often unencrypted and can be recovered, potentially enabling impersonation attacks. Epifani’s findings suggest that encryption is improving but that “millions, probably billions of IoT devices” remain in use worldwide, meaning it will take years to replace them.