Vulnerabilities identified include:

• Privacy concerns — 80 percent of devices raised privacy concerns. Personal information is considered to be exposed when not properly encrypted on devices and during transit over networks.

• Insufficient authorization — 80 percent of devices failed to require passwords of sufficient complexity and length. A hacker can use vulnerabilities such as weak passwords to gain access to a device.

• Lack of transport encryption — 70 percent did not encrypt communications to the Internet and local network. Transport encryption is necessary given that many of these devices are collecting and transmitting data that can be considered sensitive in nature.

• Insecure web interface — 60 percent raised security concerns with their user interfaces. A majority of devices along with their cloud and mobile counterparts enable a hacker to determine valid user accounts using techniques such as the password reset feature.

• Inadequate software protection — 60 percent did not use encryption when downloading software updates. There was no encryption during downloading and the update itself was not protected in some manner.

The report concludes that since the IoT is in its early stages, there is still time to secure devices before consumers are at risk.

For more information, go to the Internet of Things Research Study.

Publication date: 8/25/2014

Want more HVAC industry news and information? Join The NEWS on Facebook, Twitter, and LinkedIn today!