PALO ALTO, Calif. — HP has announced the release of its Internet of Things State of the Union Study, which indicates that 70 percent of the most commonly used Internet of Things (IoT) devices exhibit serious vulnerabilities to attack by hackers.
As the report notes, “As the number of connected IoT devices constantly increases, security concerns are also exponentially multiplied.”
Vulnerabilities identified include:
• Privacy concerns — 80 percent of devices raised privacy concerns. Personal information is considered to be exposed when not properly encrypted on devices and during transit over networks.
• Insufficient authorization — 80 percent of devices failed to require passwords of sufficient complexity and length. A hacker can use vulnerabilities such as weak passwords to gain access to a device.
• Lack of transport encryption — 70 percent did not encrypt communications to the Internet and local network. Transport encryption is necessary given that many of these devices are collecting and transmitting data that can be considered sensitive in nature.
• Insecure web interface — 60 percent raised security concerns with their user interfaces. A majority of devices along with their cloud and mobile counterparts enable a hacker to determine valid user accounts using techniques such as the password reset feature.
• Inadequate software protection — 60 percent did not use encryption when downloading software updates. There was no encryption during downloading and the update itself was not protected in some manner.
The report concludes that since the IoT is in its early stages, there is still time to secure devices before consumers are at risk.
For more information, go to the Internet of Things Research Study.
Publication date: 8/25/2014