The Inquirer-Home

80 percent of IoT devices are vulnerable to data theft, says HP

Could allow hackers to access users' personal information such credit card credentials
Thu Jul 31 2014, 14:02
Intel and The INQUIRER are hosting a live chat on the Internet of Things

INTERNET OF THINGS (IOT) devices are riddled with security vulnerabilities, research from HP has revealed, with 80 percent of connected gadgets leaving users vulnerable to security risks including unencrypted communications and inadequate authentication.

Using its Fortify On Demand testing service, HP examined 10 devices to see how open they are to security vulnerabilities and found that eight of them could potentially allow hackers to access users' personal information such as name, address, email address, date of birth, health information and credit card details.

"Suddenly, everything from refrigerators to sprinkler systems are wired and interconnected, and while these devices have made life easier, they've also created new attack vectors for hackers," read the HP study, which the firm released on Tuesday.

Worryingly, the report also established that 90 percent of devices collected at least one piece of personal information via the device, the cloud or its associated mobile application, with six out of 10 being vulnerable to common security vulnerabilities, including cross-site scripting errors and weak passwords.

And while HP said 80 percent "raised privacy concerns" and failed to require passwords of sufficient length and complexity, 70 percent of them used unencrypted network services.

HP concluded that the reason such devices are left open to security risks is because the demand is so high that manufacturers rush them out without considering the consequences.

However, it's worth noting that the study's findings are based on the testing of only 10 IOT devices, so it's not exactly an accurate representation of the true state of security across the thousands of existing IOT devices, but it's probably close nonetheless.

Still, we doubt that the findings will put off IOT developers or backers. Last month, Intel, Samsung and Dell teamed up with other industry leading technology companies to promote IoT interoperability, creating the Open Interconnect Consortium (OIC).

The consortium, which also includes Atmel, Broadcom and Wind River, aims to develop a common, open source approach for systems and organisations that produce IoT devices.

That initiative follows other recent attempts by other big technology players including Qualcomm and Microsoft to join a group in lobbying for an IoT standard.

The Allseen Alliance, founded by Qualcomm, is pushing for the adoption of the open source Alljoyn protocol, which was designed, unsurprisingly, by Qualcomm, it emerged earlier last month.

Microsoft has joined the 50 strong consortium, which also includes Panasonic, LG and Sharp, to ensure that everything from thermostats to thermal imaging cameras to thighmasters are able to talk to one another across the connected home.

In June, a group of 40 technology firms including Intel, ARM, IBM and BT, also announced that they have developed an IoT specification called Hypercat to spur the growth of internet-connected devices in the UK. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015