70% Of Internet-Connected Appliances Are Vulnerable To Hacking
Excited about the promise of the shiny new Internet of Things? Good. Because hackers are too.
Nearly three-quarters of all Internet of Things devices are susceptible to getting hacked or compromised, according to a recent study
Suddenly, everything from refrigerators to sprinkler systems are wired and interconnected, and while these devices have made life easier, they’ve also created new attack vectors for hackers. These devices are now collectively called the Internet of Things (IoT). IoT devices are poised to become more pervasive in our lives than mobile phones and will have access to the most sensitive personal data such as social security numbers and banking information.
fortifyprotect.comAs the number of connected IoT devices constantly increases, security concerns are also exponentially multiplied. A couple of security concerns on a single device such as a mobile phone can quickly turn to 50 or 60 concerns when considering multiple IoT devices in an interconnected home or business. In light of the importance of what IoT devices have access to, it’s important to understand their security risk.
fortifyprotect.comThe study, released by Hewlett-Packard (HP), examined 10 common smart devices, including thermostats, smart TVs and webcams. Each device had approximately 25 vulnerabilities, the study claimed.
Researchers at HP's Fortify security arm examine the top 10 internet-connected home appliances or devices, and what they found was terrifying: the group of products had 250 different security flaws of the sort that hackers could take advantage of. Yes, on average, that means each device could be compromised 25 different ways.
gizmodo.comMany of the vulnerabilities had to do with a lack of password strength and weak protection software. Eight out of 10 devices failed to require passwords strong enough to be useful, and the same amount put users at risk of having their personal information intercepted via cloud services.
mashable.comThe Fortify report doesn't name the devices by brand
But Re/code says the items came from manufacturers of "TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers." Y'know, basically anything you'd think of as an Internet of Things thing.
recode.netWhat's behind this hellstew of insecurity?
Basically, most of these devices run a stripped-down version of Linux. The software comes in with some very basic vulnerabilities, and the companies making the devices aren't locking up those security gaps the way they would with a traditional computing gadget.
gizmodo.comAnd we're talking some very basic vulnerabilities: of the 10 devices tested, seven sent all data (including personal identifying info) to the web completely un-encrypted, while six transmitted password info unencrypted. Six of the devices tested don't encrypt software updates, meaning a baddie could make a convincing-looking software update that takes over the device and operates it under the hacker's beck and call. Oh, and nine of the 10 devices collect some type of user identifying info, like street address, date of birth, name or email address.
recode.netSpeaking on why the study was done, a statement from HP read:
"Late last year, we were hearing a lot about Internet of Things, and a bit about IoT security, but had not seen anything that focused on the complete picture of IoT security. So, we decided to start the OWASP [Open Web Application Security Project] Internet of Things Top 10 Project, which aims to educate on the main facets of Internet of Things security that people should be concerned with."
hp.comInformation technology research firm Gartner predicts there will be 26 billion individual Internet of Things objects in the world by the year 2020. In 2009, there were only about nine million of these devices sold.
"The fact is, that today, many categories of connected things in 2020 don't yet exist," Gartner research director Peter Middleton said in a statement. "As product designers dream up ways to exploit the inherent connectivity that will be offered in intelligent products, we expect the variety of devices offered to explode."
mashable.comAnd just in case, if it was yet clear what Internet of things mean, according to its Wikipedia entry:
"The Internet of Things (IoT, also Cloud of Things or CoT) refers to the interconnection of uniquely identifiable embedded computing like devices within the existing Internet infrastructure. Typically, IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine communications (M2M) and covers a variety of protocols, domains, and applications."
wikipedia.org