Internet of Things devices open up new avenues for hackers
We're constantly being told that the internet of things is set to revolutionize the world we live in. Gartner has predicted that it will comprise around 26 billion units by 2020, but with this rapid growth comes added risk.
A new study from HP shows that 70 percent of the most commonly used internet of things (IoT) devices contain vulnerabilities, including password security, encryption and personal data issues.
As manufacturers rush to bring IoT devices to market, they open the door to threats ranging from code vulnerabilities and denial of service attacks to weak passwords and scripting vulnerabilities.
HP used its Fortify on Demand product to scan 10 of the most popular IoT devices, uncovering on average 25 vulnerabilities per device. Items tested included TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.
Of the devices tested -- including their cloud and mobile software components -- 8 out of 10 raised privacy concerns surrounding collection of personal data. 90 percent of those devices tested collected at least one piece of personal information either via the device itself or its associated software.
Weak passwords were another problem, with 80 percent of tested devices failing to require passwords of adequate length or complexity. Not encrypting data in transit affected 70 percent of devices. 60 percent didn't use encryption when downloading software updates. This meant that in some cases downloads could be intercepted and extracted, allowing the software to be analyzed.
Insecure web interfaces were a problem for 60 percent of devices, with poor session management, weak default credentials and credentials transmitted in clear text all being concerns. Of those devices with cloud and mobile components, 70 percent would enable a potential attacker to determine valid user accounts through account enumeration or the password reset feature.
"While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface," says Mike Armistead, vice president and general manager, Fortify, Enterprise Security Products at HP. "With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats".