A study recently released by Hewlett-Packard (NYSE:HPQ) found that 70 percent of devices connected to the Internet are vulnerable to some form of hacking. As the “Internet of Things” continues to grow with more appliances and devices connected to the Web, concerns have risen about the increased number of entry points for hackers into the smart home or office.
HP Security Research examined 10 of the most popular Internet-connected devices, including thermostats, smart TVs and webcams, revealing a number of security vulnerabilities. For each of the 10 devices, 25 vulnerabilities were found, including insecure Web interfaces, insufficient software protection and lack of encryption.
According to the study, most devices failed to require strong and complex passwords that use special characters and numbers, with some devices even allowing simple passwords such as “123456.” Some devices even transmitted data unencrypted, potentially exposing user data and other valuable pieces of information.
While Internet-connected devices are still in their infant stages, HP hopes that its study will raise awareness of the security problems that may arise as devices in the home and office become more connected to the Internet.
“Late last year, we were hearing a lot about Internet of Things, and a bit about IoT security, but had not seen anything that focused on the complete picture of IoT security, i.e., all the various surface areas that represent the IoT ecosystem,” Daniel Miessler of HP said in a statement. “So, we decided to start the OWASP Internet of Things Top 10 Project, which aims to educate on the main facets of Internet of Things security that people should be concerned with.”
With Internet-connected appliances and non-smartphone and tablet gadgets expected to grow to 26 billion installed units in 2020, up from 900 million in 2009, these security issues may quickly become a much bigger problem.
“The fact is that... many categories of connected things in 2020 don't yet exist,” Peter Middleton, researcher director at Gartner, said. “As product designers dream up ways to exploit the inherent connectivity that will be offered in intelligent products, we expect the variety of devices offered to explode.”
To HP, this is concerning since Internet-connected devices create new problems for home and corporate networks.
“The current state of Internet of Things security seems to take all the vulnerabilities from existing spaces, e.g., network security, application security, mobile security and Internet-connected devices, and combine them into a new (even more insecure) space, which is troubling,” Miessler added.