Emerging Threats

Mobile apps and iot devices are an overlooked security risk by consumers – and that's a problem

Authored by a Symantec employee


Today, Norton released findings from a survey of more than 5,000 consumers from U.S., U.K., Canada, Australia and Japan about their fears of and forays into the connected world. The survey makes clear that there are two types of people: those who understand smartphones and IoT devices come with risks, and those who do not.

More than half of respondents globally (56 percent) say the prospect of the financial and banking information stored on their phone being hacked is upsetting. What is more striking is that nearly half either do not care about their information being hacked or they are less concerned about financial hacks than other information being compromised.

For nearly 10 percent of smartphone users there is not a single thing a hacker could take from their phone that would upset them. This includes text and voice messages, pictures and videos, mobile app-controlled home security cameras and appliances. They see it as a device they talk to friends with and check on social media. They use it to easily manage their money. They don’t think anything bad could happen on a smartphone.

We are seeing this split with IoT devices in the US as well. Globally, consumers feel just slightly more comfortable using banking and financial apps (56 percent) than apps for home entry (44 percent). We have seen an endless array of IoT devices present severe security weaknesses. Yet in the US, 39 percent of consumers say they would feel secure using a home entry app that allows them to open the door remotely for friends and family.

Getting hacked is not something consumers worry about with the devices they use to monitor their children or to lock their front doors. Most of the research into attacks on IoT devices has focused on attacking the device directly, but there is another way these devices are at risk: many IoT devices are controlled by mobile apps. Control someone’s phone and you can control their IoT devices. The risk to consumers moves from online and into their home – it’s personal.

The point is not to panic, nor is it to stop using these devices. Mobile apps and IoT devices aren’t going away. In fact, 60 percent of US respondents use mobile apps to manage both connected devices and their personal finance. 26 percent control their home entertainment components with a mobile phone, and 16 percent have connected home devices such as security cameras, alarms, home entry systems, baby monitors, light bulbs, light switches and appliances.

We want the people who are not concerned about hacking to understand the risk. In January 2016, Norton scanned the approximately 25 million Android apps in our database. 40 percent of the 94 app stores we scanned exhibited malicious behavior. We identified more than 9 million malicious apps and found more than 16 million apps with potential privacy or intrusive behaviors. These apps can send sensitive information from your phone, including your account and device details, browser history, location and call logs from the device without encryption. The intrusive behaviors include adding browser favorites, putting up big banner ads, or changing desktop images or ringtones.

Staying Safe with Mobile Apps and IoT Connected Devices

Whichever kind of person you are, you need to stay safe. And whatever type of IoT device or mobile app you want to use there are some simple, best practices you can adopt.

Protecting Mobile Devices

  • Use a reputable mobile security app. Norton Mobile Security pre-scans Android apps and identifies potential vulnerabilities before downloading from Google Play. You should know what you’re downloading before it gets on your device.
  • Download apps from official app stores. Third-party app stores may not put apps through the same rigor as official app stores such as the Google Play Store or Apple’s App Store.
  • Be mindful of your app settings. Beware of apps that ask you to disable settings that protect you from installing unsecure apps. This makes your device more vulnerable and opens you to attacks.

Protecting IOT Devices

  • Keep your device current. Make sure you install the latest updates on your device, whether automatically or when sent from the manufacturer.
  • Protect your device. Set strong and unique passwords on these devices. Use a combination of at least eight letters, numbers and symbols.
  • Be stingy with your device. Protect the communication shared between your device and network by using encrypted communication on your home Wi-Fi (like WPA2) to connect the device. Better yet, use a hard-coded network connection, such as a LAN connection. If you have a feature on your device, you don’t use, turn it off.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the LockMan Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome and Android are trademarks of Google, LLC. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced and/or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other company names and product names are registered trademarks or trademarks of each company.