The Internet of Things: increasing the security nightmare

A new report claims that a couple of security concerns on a single IoT device can quickly turn into 50 or 60 concerns across multiple devices.

A recent report by HP Security Research reviewed 10 devices that it considered popular and common in IoT and found a range of problems from Heartbleed to DoS to cross-site scripting.

Among the concerns highlighted by the researchers are the following:

80% of devices raised privacy concerns because many devices are collecting some or all of your personal information. Exacerbating the situation are communications over networks, cloud-based systems, and the use of mobile phones.

80% of devices failed to ask for passwords of sufficient length and complexity. There was, in general, a lack of authentication and authorization commensurate with the need to have stronger access controls.

70% had no encryption of data over the network or through the Internet.

60% had UI issues that raised security issues. These included cross-site scripting, poor session management and weak default credentials. So, for example, a simple password reset could be maliciously exploited without the right mechanism in place to protect the user.

60% had no encryption when downloading software and firmware. This lack of protection leaves such updates and controlling software open to interception and extraction for malicious purposes.

Of course, this is a report from a vendor perspective, so there is some element of fear mongering in order to sell services and support around HP's own solutions to these problems, but the researchers claim to have used standard testing techniques combining manual and automatic testing. Devices and drivers were assessed against the OWASP IoT Top 10 list and the specific issues OWASP associates with each top 10 category.

However, there is no denying that the number of IoT devices coming onto the market and being connected is increasing every day. This just may be a wake-up call for the industry.

Joe Jejune

I am a gadget freak and love everything about technology. In my day job I work at a startup and help build applications for the healthcare industry. 

