‘Serious vulnerabilities’ on the Internet of Things

Security

by Jimmy Nicholls| 30 July 2014

HP report raises more concerns about future of connectivity.

Seven out of ten of the most commonly used Internet of Things (IoT) devices have "serious vulnerabilities", according to tech company Hewlett-Packard (HP).

Tests revealed 250 flaws across the devices, including privacy concerns in eight cases, weak password policies in the same number, and a lack of transport encryption in seven cases.

Daniel Miessler, practice principal at HP, said: "The current state of Internet of Things security seems to take all the vulnerabilities from existing spaces - network security, application security, mobile security and Internet-connected devices - and combine them into a new, even more insecure space, which is troubling."

Six of the devices had user interfaces that concerned the company, and the same number had troubling software or firmware, including unencrypted updating protocols.

"IoT security is not just a consumer problem," Miessler added.

"Corporations need to be looking at how their ICS (industrial control) and SCADA (supervisory control and data acquisition) systems fare when looked at under a similar light."

The devices investigated included a television, a home thermostat and a door lock, with most of items said to include some form of cloud service.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

765 people like this.
2026 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.