The Drum Awards for Marketing - Extended Deadline

-d -h -min -sec

HP Internet of Things

Internet of Things devices could trigger ‘alarming’ security risks, says Hewlett-Packard study

Author

By Jessica Davies, News Editor

August 3, 2014 | 2 min read

Internet of Things (IoT) devices could be “alarmingly” vulnerable to hackers and trigger major security risks, according to a new study from Hewlett-Packard.

The company commissioned Fortify on Demand to investigate ten of the most popular devices in some of the most common IoT niches including TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.

The majority of the devices examined were cloud-based and all included mobile apps which can be used to access of control the devices remotely.

Eight of the ten devices triggered privacy concerns failing to require passwords of sufficient complexity and length, while the same amount put used at risk of having their personal information intercepted via cloud services.

Meanwhile 70 per cent of them were deemed vulnerable to being hacked.

HP said in a statement: “Late last year, we were hearing a lot about Internet of Things, and a bit about IoT security, but had not seen anything that focused on the complete picture of IoT security, i.e. all the various surface areas that represent the IoT ecosystem. So, we decided to start the OWASP Internet of Things Top 10 Project, which aims to educate on the main facets of Internet of Things Security that people should be concerned with.

“Then earlier this year, we decided to use that project as a baseline for testing the top 10 IoT devices being used today. We bought them, shipped them to Craig Smith's home lab, and beat up on them for around three weeks.”

On average, 25 vulnerabilities were found per device, totalling 250 vulnerabilities.

The biggest areas of wekness were found to be:

  1. Privacy concerns
  2. Insufficient authorization
  3. Lack of transport encryption
  4. Insecure web interface
  5. Inadequate software protection
HP Internet of Things

Content created with:

HP Group

Find out more

More from HP

View all

Trending

Industry insights

View all
Add your own content +