HP Warns Of Internet Of Things Danger

The much-hyped Internet of Things is a security nightmare, according to research by HP. Everyday devices are sprouting Internet connections, but they are also loaded with obvious flaws, including the Heartbleed error and passwords sent as plain text.

The Internet of Things is supposed to make existence more efficient and reliable by adding connections and sensors to everyday items, to perform tasks such as turning off heating and tracking the performance of transport systems. A widely-quoted prediction suggests that 26 billion devices will be connected to the Internet of Things by 2020 – and HP warns that an unseemly rush for market share is creating a lot of sloppy and downright dangerous security gaffes.

Things can only get broken

“This spike in demand is pushing manufacturers to quickly bring to market connected devices, cloud access capabilities and mobile applications in order to gain share,” says HP’s release. “While this increase in IoT devices promises benefits to consumers, it also opens the doors for security threats ranging from software vulnerabilities to denial-of-service (DOS) attacks to weak passwords and cross-site scripting vulnerabilities.”

HP used its Fortify On Demand testing service, to probe ten popular Internet of Things devices, including TVs, door locks, home alarms, webcams, lawn sprinklers, thermostats and power sockets.  Each was accessible from the Internet and they all had flaws, adding up to 250 in total, or an average of 25 for each device.

The vulnerabilities included poor password security, poor or non-existent encryption. The consequences could include attackers sabotaging home security and electricity systems.

Eight of the devices raised privacy concerns by collecting too much personal data, and the same number failed to require strong enough passwords. Seven out of ten transmitted private data unencrypted, ans six had web interfaces vulnerable to attacks such as cross-site scripting (XSS).

HP urges IoT vendors to shape up, and meet basic security criteria aimed at the Internet of Things, such as those provided by the Open Web Application Security Project (OWASP).

Connect up with our Internet of Things Quiz!

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago