The Internet of Things: increasing the security nightmare



A new report claims that a couple of security concerns on a single device in IoT can quickly turn into 50 or 60 concerns with multiple devices. 

A recent report by HP Security Research reviewed 10 devices that it considered popular and common in IoT and found a range of problems from Heartbleed to DoS to cross-site scripting.

Among the concerns highlighted by the researchers are the following:

80% of devices raised privacy concerns because many devices are collecting some or all of your personal information. Exasperating the situation is communications over networks, cloud based systems, and the use of mobile phones.

80% of devices failed to ask for passwords of sufficient length and complexity. There was, in general, a lack of authentication and authorization commensurate with the need to have stronger access controls.

70% had no encryption of data over the network or through the Internet.

60% had UI issues that raised security issues. These included cross-site scripting, poor session management and weak default credentials. So, for example, a simple password reset could be maliciously exploited without the right mechanism in place to protect the user.

60% had no encryption when downloading software and firmware. This lack of protection leaves such updates and controlling software open to interception and extraction for malicious purposes.

Of course, this is a report from a vendor perspective so, there is some element of fear mongering in order to sell services and support around HP's own solutions to these problems, but the researchers claim to have used standard testing techniques combining manual and automatic testing. Devices and drivers were assessed based on OWASP IoT Top 10 list and the specific issues OWASP associates with each top 10 category.

However, there is no denying that the number of IoT devices coming onto the market and being connected up is increasing every day. This just may be a wake up call for the industry.



Joe Jejune

I am a gadget freak and love everything about technology. In my day job I work at a startup and help build applications for the healthcare industry. 


More

AMD vs. Intel-Assessing Their New Strategies: A Study In Contrasts

Over the next few years we are going to see something we don’t see that often. Two companies in the same market on two very different paths. AMD will be focused like a laser on traditional PC and Server markets but adapting to the new loads and tasks that both are being tossed in. Intel, in contrast, will be expanding massively to drones, IoT, and Automotive each of which has massive, but as yet, unrealized potential for firms in their class. Now typically when AMD and Intel run at each other AMD is massively disadvantaged but with Intel’s shift in focus they won’t be chasing Intel but a...

Black Holes are sending quantum messages in the universe

Spinning black holes are capable of complex quantum information processes encoded in the X-ray photons emitted by the accretion disk.

5 In-Demand Online Money Making Ideas That Require More Than Just Geeky Brainpower

There’s certainly no shortage of money making ideas on the Internet. These ideas require a combination of skills that are so far apart in nature, that not many people boast them. In fact, 51% of jobs now require a combination of creative and technical skills.