The much-hyped Internet of Things is a security nightmare, according to research by HP. Everyday devices are sprouting Internet connections, but they are also loaded with obvious flaws, including the Heartbleed error and passwords sent as plain text.
The Internet of Things is supposed to make existence more efficient and reliable by adding connections and sensors to everyday items, to perform tasks such as turning off heating and tracking the performance of transport systems. A widely-quoted prediction suggests that 26 billion devices will be connected to the Internet of Things by 2020 – and HP warns that an unseemly rush for market share is creating a lot of sloppy and downright dangerous security gaffes.
“This spike in demand is pushing manufacturers to quickly bring to market connected devices, cloud access capabilities and mobile applications in order to gain share,” says HP’s release. “While this increase in IoT devices promises benefits to consumers, it also opens the doors for security threats ranging from software vulnerabilities to denial-of-service (DOS) attacks to weak passwords and cross-site scripting vulnerabilities.”
HP used its Fortify On Demand testing service to probe ten popular Internet of Things devices, including TVs, door locks, home alarms, webcams, lawn sprinklers, thermostats and power sockets. Each was accessible from the Internet and they all had flaws, adding up to 250 in total, or an average of 25 for each device.
The vulnerabilities included poor password security and poor or non-existent encryption. The consequences could include attackers sabotaging home security and electricity systems.
Eight of the devices raised privacy concerns by collecting too much personal data, and the same number failed to require strong enough passwords. Seven out of ten transmitted private data unencrypted, and six had web interfaces vulnerable to attacks such as cross-site scripting (XSS).
HP urges IoT vendors to shape up and meet basic security criteria aimed at the Internet of Things, such as those provided by the Open Web Application Security Project (OWASP).