Skip to main content

Nearly all IoT traffic is unencrypted

(Image credit: Image source: Shutterstock/everything possible)

Practically all of the traffic flowing from Internet of Things (IoT) devices in the United States is not encrypted, consequently putting both businesses and their customers at unnecessary risk of data theft and all others that follow.

This is according to a new report by Unit 42, Pao Alto Networks' threat intelligence team, which analysed 1.2 million IoT devices in thousands of physical locations across enterprise IT and healthcare organisations in the U.S., finding that 98 per cent of all IoT device traffic is unencrypted.

That basically means that if intercepted, the data could be easily read and used.

So the question arises – how easy is it to eavesdrop on the data exchange between IoT devices and their respective servers? The report claims 57 per cent of IoT devices are vulnerable to either medium or high-severity attacks. IoT is perceived as “low-hanging fruit” for cybercriminals.

Three quarters of healthcare organisations (72 per cent) are placing their IoT devices at even more unnecessary risk, by mixing IoT and IT assets on VLAN, allowing infected employee computers to spread the malware onto IoT devices with ease.

To add insult to injury, 83 per cent of medical devices run outdated operating systems.

Hackers are well-aware of these facts and are developing new techniques to take advantage of old legacy protocols.

According to IDC’s estimates, there will be 41.6 billion connected IoT devices, generating 79.4 zettabytes (ZB) of data by 2025.