70 percent IoT devices vulnerable to attack

HP today released results of a study revealing 70 percent of the most commonly used Internet of Things (IoT) devices contain vulnerabilities, including password security, encryption and general lack of granular user access permissions.

With the rise of IoT, the number and diversity of connected devices is expected to increase exponentially. According to Gartner, “the Internet of Things” will include 26 billion units installed by 2020. IoT product and service suppliers will generate incremental revenue exceeding $300 billion, mostly in services, in 2020.

This spike in demand is pushing manufacturers to quickly bring to market connected devices, cloud access capabilities and mobile applications in order to gain share. While this increase in IoT devices promises benefits to consumers, it also opens the doors for security threats ranging from software vulnerabilities to denial-of-service (DOS) attacks to weak passwords and cross-site scripting vulnerabilities.

“While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface,” said Mike Armistead, vice president and general manager, Fortify, Enterprise Security Products, HP.

“With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats,” added Armistead.

HP leveraged HP Fortify on Demand to scan 10 of the most popular IoT devices, uncovering, on average, 25 vulnerabilities per device—totaling 250 security concerns across all tested products. The IoT devices tested—along with their cloud and mobile application components—were from manufacturers of TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.

The most common and easily addressable security issues reported include: Privacy concerns; Insufficient authorization; Lack of transport encryption; Insecure web interface; and Inadequate software protection.

To protect against security hazards that come along with the rise of IoT, it is imperative for organizations to implement an end-to-end approach to identify software vulnerabilities before they are exploited.

Leave a Reply

%d bloggers like this: