The much-hyped Internet of Things is a security nightmare, according to research by HP. Everyday devices are sprouting Internet connections, but they are also loaded with obvious flaws, including the Heartbleed error and passwords sent as plain text.
The Internet of Things is supposed to make existence more efficient and reliable by adding connections and sensors to everyday items, to perform tasks such as turning off heating and tracking the performance of transport systems. A widely-quoted prediction suggests that 26 billion devices will be connected to the Internet of Things by 2020 – and HP warns that an unseemly rush for market share is creating a lot of sloppy and downright dangerous security gaffes.
“This spike in demand is pushing manufacturers to quickly bring to market connected devices, cloud access capabilities and mobile applications in order to gain share,” says HP’s release. “While this increase in IoT devices promises benefits to consumers, it also opens the doors for security threats ranging from software vulnerabilities to denial-of-service (DOS) attacks to weak passwords and cross-site scripting vulnerabilities.”
HP used its Fortify On Demand testing service, to probe ten popular Internet of Things devices, including TVs, door locks, home alarms, webcams, lawn sprinklers, thermostats and power sockets. Each was accessible from the Internet and they all had flaws, adding up to 250 in total, or an average of 25 for each device.
The vulnerabilities included poor password security, poor or non-existent encryption. The consequences could include attackers sabotaging home security and electricity systems.
Eight of the devices raised privacy concerns by collecting too much personal data, and the same number failed to require strong enough passwords. Seven out of ten transmitted private data unencrypted, ans six had web interfaces vulnerable to attacks such as cross-site scripting (XSS).
HP urges IoT vendors to shape up, and meet basic security criteria aimed at the Internet of Things, such as those provided by the Open Web Application Security Project (OWASP).
Oracle's huge AI, Cloud investment in Japan will meet growing local demand and address digital…
People who create sexually explicit ‘deepfakes’ of adults will face prosecution under a new law…
Protest at cloud contract with Israel results in staff firings, in addition to layoffs of…
Microsoft warns of Russian influence campaigns have begun targetting upcoming US election, albeit at a…
Microsoft to avoid an EU investigation into its $13 billion investment in OpenAI, after EC…
As President Biden 'considers' request to drop Julian Assange extradition, US provides assurances to prevent…