Internet of Things devices riddled with vulnerabilities: HP
Tests of 10 most popular IoT products show weak security
Sensor-enabled products equipped for the Internet of Things suffer from a range of security vulnerabilities, according to a recent report from HP.
"HP Security Research reviewed 10 of the most popular devices in some of the most common IoT niches revealing an alarmingly high average number of vulnerabilities per device," HP's report claimed.
Vulnerabilities ranged from the notorious Heartbleed flaw to weak passwords and cross-site scripting holes.
All the devices tested by HP included mobile apps allowing remote access control. Most connected to cloud services. The test sample covered devices from manufacturers of TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.
Ninety per cent of the devices collected at least one piece of personal data and eight devices failed to enforce strong passwords, allowing credentials such as "1234".
"Many of the accounts we configured with weak passwords were also used on cloud websites as well as the product's mobile application," the report claimed. "A strong password policy is Security 101 and most solutions failed."
On privacy, HP challenged the need for personal information to be collected by IoT devices.
"With many devices collecting some form of personal information such as name, address, data of birth, health information and even credit card numbers, those concerns are multiplied when you add in cloud services and mobile applications that work alongside the device," it read.
"With many devices transmitting this information unencrypted on your home network, users are one network misconfiguration away from exposing this data to the world via wireless networks. Cloud services, which we discovered most of these devices use, are also a privacy concern as many companies race to take advantage of the cloud and services it can provide from the Internet. Do these devices really need to collect this personal information to function properly?"
The report cited Gartner as predicting the Internet of Things will be made up of 26bn "units" by 2020. Cisco has previously projected a figure of 50bn devices connected to the Web by the same year.