80% of consumers don't trust IoT security, says BlackBerry

News by Mark Mayne

Significant lack of trust in UK, US IoT market, says survey, as BlackBerry launches trio of IoT security services.

IoT devices are set to permeate the home despite lack of trust. (pic: Busakorn Pongparnit/Getty Images)

A massive 80 percent of consumers in the US and UK do not trust their current internet-connected devices to secure their data and privacy, according to new research.

The research was unveiled by mobile device manufacturer and security cheerleader BlackBerry Inc at the CES 2019 launch of the company's triple-pronged Internet of Things (IoT) security play.

BlackBerry has launched three technology licenses for IoT OEMs: Secure Enablement, Foundations and Enterprise Feature Packs.

Products that have integrated BlackBerry's tech will be able to stamp themselves as "BlackBerry Secure", but will not have the burden of developing and maintaining their own security systems in-house.

"IoT device manufacturers can address security and privacy concerns head-on and stand out in the cluttered IoT space by bringing to market ultra-secure products that consumers, retailers, and enterprises want to buy and use," said Alex Thurber, senior vice president and general manager of mobility solutions at BlackBerry, in a statement.

"This new service is a pivotal point in the company's software licensing strategy and underscores BlackBerry's evolution from providing the most secure smartphones to delivering the trusted security for all smart 'things’," Thurber said.

The BlackBerry Secure Enablement Feature Pack offers secure manufacturing and product lifecycle management features out of the box, including a BlackBerry Secure Identity Service Key that is baked into hardware during manufacturing. If the key is tampered with then the device no longer boots.

The Foundations Feature Pack hardens the OS kernel and locks down software being executed with Secure Boot and ARM Trustzone technology to securely generate, use and store encryption keys. The Enterprise Pack takes these concepts a step further with extended device management policies deployed on the device, allowing enterprises to control what can be accessed via device debug interfaces, communication protocols (Bluetooth, NFC), and radios (cellular, WIFI, GPS), as well as set policies which add baseline security for certifications such as FIPS.

Steve Giguere, global solution architect at Synopsys, told SC Media UK, "BlackBerry have done a good job at finding a new niche in recent years. While most mobile companies compete on features and flexibility, they have addressed a gap in the market by providing highly secure enterprise mobile communication for those where data privacy is paramount.

"It’s a logical step to see security focused mobile development technology address a growing concern in the IoT market where we have seen data privacy and security playing second fiddle to connectivity and feature focus.  A common problem within the IoT device manufacturers has been a lack of understanding or education around secure development practice. Whilst much has been done to boost web application security, purpose-built mobile device security has lacked the same level of industry specific guidance. Any template for success for securing this industry should be a welcome initiative."

The BlackBerry survey highlighted that while more than half of the respondents (58 percent) said they would be willing to pay more for products such as Alexa-speakers, home security products and wearables if they could be certain their data and privacy were protected, there were significant underlying knowledge gaps in perceptions of data security.

A considerable 23 percent said they do not restrict the data they allow their device to access through features or apps, and 17 percent admitted that they didn’t know how to restrict the data. In addition, more than one-third (36 percent) of those surveyed admitted to not knowing what security certifications to look for when buying devices anyway.

"This survey shows there is a real opportunity for companies to differentiate their products by providing a higher level of security and data privacy," said Mark Wilson, chief marketing officer at BlackBerry. "Similar to the rise in demand for organic food and sustainable goods, we believe that educated consumers – many who have been victims of cyber-attacks and uninvited use of personal data – will help drive the private and public sectors to align on a safety and security standard."

The launch is not the first such IoT security initiative by some margin, with the UK publishing a voluntary code of practice (CoP) in October 2018 to help manufacturers increase the overall security of IoT devices. HP and Centrica Hive have committed to implement the CoP by 2021, and it’s hoped that wider acceptance will begin to form the basis of an international standard. 

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews