The Internet of Things: increasing the security nightmare



A new report claims that a couple of security concerns on a single device in IoT can quickly turn into 50 or 60 concerns with multiple devices. 

A recent report by HP Security Research reviewed 10 devices that it considered popular and common in IoT and found a range of problems from Heartbleed to DoS to cross-site scripting.

Related: The Five Reasons Dell Beats HP in the Technology Market

Among the concerns highlighted by the researchers are the following:

80% of devices raised privacy concerns because many devices are collecting some or all of your personal information. Exasperating the situation is communications over networks, cloud based systems, and the use of mobile phones.

80% of devices failed to ask for passwords of sufficient length and complexity. There was, in general, a lack of authentication and authorization commensurate with the need to have stronger access controls.

70% had no encryption of data over the network or through the Internet.

60% had UI issues that raised security issues. These included cross-site scripting, poor session management and weak default credentials. So, for example, a simple password reset could be maliciously exploited without the right mechanism in place to protect the user.

Related: The HP EliteBook 755: HP and AMD Have a Winner Notebook This Season

60% had no encryption when downloading software and firmware. This lack of protection leaves such updates and controlling software open to interception and extraction for malicious purposes.

Of course, this is a report from a vendor perspective so, there is some element of fear mongering in order to sell services and support around HP's own solutions to these problems, but the researchers claim to have used standard testing techniques combining manual and automatic testing. Devices and drivers were assessed based on OWASP IoT Top 10 list and the specific issues OWASP associates with each top 10 category.

However, there is no denying that the number of IoT devices coming onto the market and being connected up is increasing every day. This just may be a wake up call for the industry.



Joe Jejune

I am a gadget freak and love everything about technology. In my day job I work at a startup and help build applications for the healthcare industry. 


More

Why President Obama is Hedging On Sony’s North Korea Mistake

Was Obama right in taking Sony to task for not releasing The Interview?

Another Rock Series is Headed to Cable, Thanks to Scorsese and Jagger

New series, along with Cameron Crowe's Roadies, will bring classic rock to cable next year

Kate Winslet May Join Steve Jobs Biopic

Oscar winner may join Michael Fassbender, Jeff Daniels and Seth Rogen in cast