Internet of things big security worry, says HP

Internet of things big security worry, says HP

Summary: HP found 25 vulnerabilities per device including everything from TVs to thermostats to home alarms and scales.

TOPICS: Security

About 70 percent of Internet of things devices---including sensors and connected infrastructure---have vulnerabilities that could be exploited, according to Hewlett-Packard.

HP's data is based on it Fortify division and a scan of 10 of the most popular Internet of things devices. HP found 25 vulnerabilities per device. These devices included TVs, Webcams, thermostats, remote power outlets, sprinklers, door  locks, home alarms, scales and garage openers.

The findings, assessed based on the OWASP Internet of Things Top 10 list and vulnerability categories, account for the devices as well as cloud and mobile applications connected to them.

Among the key bullets:

  • 80 percent of devices including cloud and mobile apps failed to require strong passwords.
  • Eight of 10 devices collected enough data to raise privacy concerns.
  • 70 percent of devices didn't encrypt communications and 60 percent of them lacked encryption for software updates.
  • Six of 10 devices had insecure Web interfaces.


Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The Internet is going to get a lot worse before it gets better

    Assuming that it ever gets better ...
    Rabid Howler Monkey
  • Privacy

    Wait until people realize that their lawn sprinklers are telling the NSA that you use too much water in a drought season. Actually, most Americans (according to a survey) prefer ease-of-use and convenience over privacy issues. I mean, people who complain about the NSA are also using public Internet services where they literally USE your information as part of third-party advertising. Does that mean that your IoT connected car will force you to drive to a sale at some store? Or that it will tell both the police AND your insurance company every time you drift over the speed limit? Will you be getting coupons based on the contents of your connected refrigerator?

    As for someone hacking your devices, that could go beyond the privacy issue. Suppose you go to the refrigerator and find everything frozen because someone decided to turn the thermostat all the way to super-cold? Or your thermostat (this can kill someone who is old and sick)?

    I think this won't get "fixed' until the issues actually come about and people start making comments very much in public.
  • It's the Manufactures' Own Fault for Not Using 10.X or Linux

    I kid, but too often their fans promote these OSes as invulnerable to attack.

    While HP's report is obviously self-serving to promote their Fortify products, it nonetheless is right on the mark (as are hforman's comments).

    Though with so many avenues of attack the organized hackers are only going to go after the most economical attack vectors.

    IoT will most likely be the arena of the griefers which tends to be dominated by script kiddies and anarchists.
  • A bad idea whose time has come

    I remember thinking that networking everything was going to be a security nightmare back when I first started reading about this trend nearly a decade ago. I suppose we'll keep moving in this direction until some really massive cyberattack causes some huge amount of real-world damage.