The Internet of Things: once no more than speculative science fiction, it’s now a reality as we see more and more devices connected to the internet. From our phones and computers to our home security systems and garage doors, the Internet of Things allows us to connect to any device, any time, anywhere — and it’s projected to grow to 26 billion individual units by the year 2020, according to Gartner, Inc. research.
But could this connectivity have a negative impact on our security? Computer manufacturer Hewlett-Packard says yes.
A previous survey by the firm revealed that as many as 70 percent of devices had potentially exploitable vulnerabilities, leading tech blog SiliconANGLE to refer to the Internet of Things as “the Internet of Gaping Holes.”
The most recent survey expounds on these vulnerabilities, utilizing the company’s Fortify application security unit to analyze the 10 most popular consumer “internet things” available.
The results: 250 different security vulnerabilities in those few products, averaging out to 25 faults in each.
HP didn’t identify which products were tested, but they reported that they came from manufacturers of “TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.”
While many of these items use a basic version of the Linux operating system, they are often built without taking a traditional computer’s security concerns into consideration.
Mike Armistead, VP and general manager of HP’s Fortify division, explained that the lack of security is likely due to one main cause: manufacturers want to put their devices on the market without having to spend extensive time testing them and providing them with protections from attacks.
Selected vulnerabilities from the study’s findings included:
- Eight devices failing to require a password stronger than “1234”
- Seven devices with no encryption when communicating with the internet — meaning anything getting sent out has no protection on it whatsoever to keep information secure
- Six devices with weak security features, such as weak default sign-in credentials, some of which were also transmitted without encryption
- Six devices with no encrypted software updates, which could allow hackers to send legitimate-looking software updates in order to control or reprogram the device remotely once the false update has been downloaded
So whether someone has a webcam or a garage door opener connected to the internet, this could spell trouble when it comes to privacy and home security.
This is especially disturbing based on one of the study’s findings: nine out of 10 of the devices collected some form of personal information, such as an email address, a home address, a name, or a date of birth.
And because products in the home may all be connected over the same internet connection, data compromised on one device can lead to other devices getting hacked, too.
While it may sound paranoid to some, Target saw a breach of customer information for 70 million people at the beginning of the year, one of the most widespread attacks so far. How the data was accessed in the first place is even more alarming: via a device the store used to maintain its heating and ventilation systems.