70% Of Internet-Connected Appliances Are Vulnerable To Hacking

Suddenly, everything from refrigerators to sprinkler systems are wired and interconnected, and while these devices have made life easier, they’ve also created new attack vectors for hackers. These devices are now collectively called the Internet of Things (IoT). IoT devices are poised to become more pervasive in our lives than mobile phones and will have access to the most sensitive personal data such as social security numbers and banking information.

As the number of connected IoT devices constantly increases, security concerns are also exponentially multiplied. A couple of security concerns on a single device such as a mobile phone can quickly turn to 50 or 60 concerns when considering multiple IoT devices in an interconnected home or business. In light of the importance of what IoT devices have access to, it’s important to understand their security risk.

Researchers at HP's Fortify security arm examine the top 10 internet-connected home appliances or devices, and what they found was terrifying: the group of products had 250 different security flaws of the sort that hackers could take advantage of. Yes, on average, that means each device could be compromised 25 different ways.

gizmodo.com

Many of the vulnerabilities had to do with a lack of password strength and weak protection software. Eight out of 10 devices failed to require passwords strong enough to be useful, and the same amount put users at risk of having their personal information intercepted via cloud services.

mashable.com

But Re/code says the items came from manufacturers of "TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers." Y'know, basically anything you'd think of as an Internet of Things thing.

recode.net

Basically, most of these devices run a stripped-down version of Linux. The software comes in with some very basic vulnerabilities, and the companies making the devices aren't locking up those security gaps the way they would with a traditional computing gadget.

gizmodo.com

And we're talking some very basic vulnerabilities: of the 10 devices tested, seven sent all data (including personal identifying info) to the web completely un-encrypted, while six transmitted password info unencrypted. Six of the devices tested don't encrypt software updates, meaning a baddie could make a convincing-looking software update that takes over the device and operates it under the hacker's beck and call. Oh, and nine of the 10 devices collect some type of user identifying info, like street address, date of birth, name or email address.

recode.net

"Late last year, we were hearing a lot about Internet of Things, and a bit about IoT security, but had not seen anything that focused on the complete picture of IoT security. So, we decided to start the OWASP [Open Web Application Security Project] Internet of Things Top 10 Project, which aims to educate on the main facets of Internet of Things security that people should be concerned with."

hp.com

"The fact is, that today, many categories of connected things in 2020 don't yet exist," Gartner research director Peter Middleton said in a statement. "As product designers dream up ways to exploit the inherent connectivity that will be offered in intelligent products, we expect the variety of devices offered to explode."

mashable.com

"The Internet of Things (IoT, also Cloud of Things or CoT) refers to the interconnection of uniquely identifiable embedded computing like devices within the existing Internet infrastructure. Typically, IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine communications (M2M) and covers a variety of protocols, domains, and applications."

wikipedia.org