RSS feed Get our RSS feed

News by Topic

BizReport : Internet : August 04, 2014

Study reveals the privacy issues behind the Internet of Things

A worryingly high percentage of Internet of Things devices have security vulnerabilities that, instead of making life easier, could cause more problems than they are worth.

by Helen Leggatt

Hewlett-Packard's Fortify on Demand division has released its first 'Internet of Things State of the Union Report' and, for those intending to implement such devices into their lives it is scary reading.

HP investigated ten of the most popular Internet of Things devices - door locks, webcams, televisions, alarms, garage openers, power outlets, sprinklers, scales, home thermostats and hubs for controlling multiple devices. They spent three weeks hacking the devices to try to identify weak spots.

The results? Each device was found to have an average of 25 vulnerabilities, the most worrisome being a lack of security. Seventy percent of devices didn't use any kind of encryption, while half of the devices' mobile apps were found to be sending unencrypted communications to the cloud and Web.

Furthermore, 80% of the devices failed to require passwords of sufficient length and complexity making them vulnerable to attack. Sixty percent were identified as having "insecure web interfaces".

According to the report, "A majority of devices along with their cloud and mobile components failed to require passwords of sufficient complexity and length with most allowing passwords such as "1234" or "123456". In fact, many of the accounts we configured with weak passwords were also used on cloud websites as well as the product's mobile application. A strong password policy is Security 101 and most solutions failed."

Tags: apps, cloud, Internet of Things, mobile, privacy

Subscribe to BizReport



Copyright © 1999- BizReport. All rights reserved.
Republication or redistribution of BizReport content is expressly prohibited without the prior written consent.
BizReport shall not be liable for any errors in the content, or for any actions taken in reliance thereon.