HP Study Finds Alarming Vulnerabilities with Internet of Things (IoT) Home Security SystemsHP Fortify OnDemand finds that 100 percent of top security systems studied display significant security deficiencies
PALO ALTO, Calif., February 10, 2015 HP today released results of a security testingstudy revealing that owners of Internet-connected home security systems may not be the only ones monitoring their homes. The study found that 100 percent of the studied devices used in home security contain significant vulnerabilities, including password security, encryption and authentication issues.
Home security systems, such as video cameras and motion detectors, have gained popularity as they have joined the booming Internet of Things (IoT) market and have grown in convenience. Gartner, Inc. forecasts that 4.9 billion connected things will be in use in 2015, up 30 percent from 2014, and will reach 25 billion by 2020.(1) The new HP study reveals how ill-equipped the market is from a security standpoint for the magnitude of growth expected around IoT.
Manufacturers are quickly bringing to market connected security systems that deliver remote monitoring capabilities. The network connectivity and access necessary for remote monitoring presents new security concerns that did not exist for the previous generation of systems that have no internet connectivity.
The HP study questions whether connected security devices actually make our homes safer or put them at more risk by providing easier electronic access via insecure IoT products. HP leveraged HP Fortify on Demand to assess 10 home security IoT devices along with their cloud and mobile application components, uncovering that none of the systems required the use of a strong password and 100 percent of the systems failed to offer two-factor authentication.
The most common and easily addressable security issues reported include:
Insufficient authorization: All systems that included their cloud-based web interfaces and mobile interfaces failed to require passwords of sufficient complexity and length with most only requiring a six character alphanumeric password. All systems also lacked the ability to lock out accounts after a certain number of failed attempts.
Insecure Interfaces: All cloud-based web interfaces tested exhibited security concerns enabling a potential attacker to gain account access through account harvesting which uses three application flaws; account enumeration, weak password policy and lack of account lockout. Similarly five of the ten systems tested exhibited account harvesting concerns with their mobile application interface exposing consumers to similar risks.
Privacy Concerns: All systems collected some form of personal information such as name, address, date of birth, phone number and even credit card numbers. Exposure of this personal information is of concern given the account harvesting issues across all systems. It is also worth noting that the use of video is a key feature of many home security systems with viewing available via mobile applications and cloud-based web interfaces. The privacy of video images from inside the home becomes an added concern.
Lack of transport encryption: While all systems implemented transport encryption such as SSL/TLS, many of the cloud connections remain vulnerable to attacks (e.g. POODLE attack). The importance of properly configured transport encryption is especially important since security is a primary function of these systems.
As we continue to embrace the convenience and availability of connected devices, we must understand how vulnerable they could make our homes and families, said Jason Schmitt (@raidschmitt), vice president and general manager, Fortify, Enterprise Security Products (@HPsecurity), HP. With ten of the top security systems lacking fundamental security features, consumers must be diligent about adopting simple and practical security measures when they're available, and device manufacturers must take ownership in building security into their products to avoid exposing their customers unknowingly to serious threats.
As IoT product manufacturers work to incorporate much needed security measures, consumers are urged to consider security when choosing a monitoring system for their home. Implementing secure home networks before adding insecure IoT devices, instituting complex passwords, account lockouts and two-factor authentication are only a few measures consumers can take to make their IoT experience more secure. Legislators are also getting involved, with the U.S. Federal Trade Commission releasing a recent report analyzing the balance between security and privacy concerns with development of the IoT devices.
For more information, visit the first report in this IoT series, 2014 HP Internet of Things Research Study, which reviews the security of the top 10 most common IoT devices. Additionally, the most recent HP Security Briefing, Episode 20: The Internet of Things: A Security Overview looks at how the advent of millions of connected devices affects network security from a practical standpoint.
Methodology
Conducted by HP Fortify and leveraging HP Fortify on Demand, HP's Home Security Systems study tested 10 of the most commonly used home security IoT devices for vulnerabilities using standard security testing techniques that combined manual testing along with the use of automated tools. Devices and their components were assessed based on the OWASP Internet of Things Top 10 and the specific vulnerabilities associated with each top 10 category. The resulting data and percentages in this report were drawn from the 10 IoT systems tested. Given the popularity and similarity among the 10 devices, HP Fortify believes the results provide a good indicator of where the market currently stands as it relates to security and the Internet of Things.
Additio
Most recent headlines
11/12/2025
Dalet, a leading provider of cloud-native, end-to-end media workflow solutions, ...
28/11/2025
Nadia Fall attends the 2025 Sundance Film Festival premiere of Brides at the Egyptian Theatre on January 24, 2025, in Park City, Utah. (Photo by Donyale West/...
28/11/2025
It's easy to ignore those little red update available badges. But when it ...
28/11/2025
WASHINGTON Federal Communications Commission has released a tentative agenda for the December Open Commission Meeting scheduled for Thursday, December 18, 2025 ...
28/11/2025
The Professional Fighters League is looking to super-serve fans of mixed martial...
28/11/2025
Fubo has released in beta on select Roku devices a new feature that lets users display up to four simultaneous streams at once....
28/11/2025
The WNBA playoffs and Week 4 of the NFL regular season highlight the list of live sports events airing on television this weekend....
28/11/2025
The 32nd class of honorees to the B+C Hall of Fame took to the stage at New York's Ziegfeld Ballroom on September 26 for a gala induction event. Click below...
28/11/2025
We hold in our hands the very last Next Text for Next TV, the weekly back-and-fo...
28/11/2025
DirecTV said it made a deal with EchoStar to buy EchoStar's video businesses, including satellite-TV provider Dish TV and virtual MVPD Sling TV, for $1 plus...
28/11/2025
The Broadcasting+Cable Hall of Fame, the premier industry event paying tribute to the influencers, innovators and shining lights of broadcast, cable and streami...
28/11/2025
Friday 28 November 2025
Sky Sports x Slawn drop limited-edition football jersey...
28/11/2025
Rohde & Schwarz shows resilience in a challenging environment, revenue exceeds t...
28/11/2025
Unwrapped: The Toy Show Appeal - airing this Sunday on RT One and RT Player- s...
27/11/2025
LONDON Vizrt has added several AI-driven advanced features offering improved speed, intelligence and accuracy in the newest version of its media asset managemen...
27/11/2025
Prime Video has launched AI-powered video season recaps in a beta version for select English-language Prime Original series in the U.S., a move Amazon is callin...
27/11/2025
Back to All News
Netflix's Raat Akeli Hai: The Bansal Murders Marks a Grand...
27/11/2025
27 Nov 2025
GSMA brings M360 Eurasia 2026 to Samarkand in partnership with VEON...
27/11/2025
Tahar Rahim and Izuka Hoyle star in the gripping six-part Sky Original from Acad...
27/11/2025
Thursday 27 November 2025
Sky Arts Reveals the Nation's Greatest Basslines - and Queen Reign Supreme
The UK's most iconic basslines have been revealed...
27/11/2025
Back to All News
Stranger Things 5': Prepare for One Last Adventure With O...
27/11/2025
The media industry has a paradox at its core. It's an industry built on light, color and imagination, yet behind the scenes, it's powered by one of the ...
27/11/2025
Rating reflects rating progress across areas including policies, diversity & inclusion, health & safety and Net Zero leadership
Winchester, UK, 27 November 202...
27/11/2025
What are the industry standards for Retail Media? Kathryn explains that certification is based on the IAB Europe Retail Media Measurement Standards and the IAB ...
27/11/2025
World champion boxer and Irish sporting icon Katie Taylor will be in studio this...
27/11/2025
Roblox, one of the world's most popular online gaming platforms for primary ...
27/11/2025
Black Friday is leveling up. Get ready to score one of the biggest deals of the season - 50% off the first three months of a new GeForce NOW Ultimate membership...
26/11/2025
SVG Sit-Down: Prime Video EP Mike Muriano Previews Massive Black Friday Slate Fe...
26/11/2025
A cinematic snow sculpture at the 1995 Sundance Film Festival. Photo by Randall Michelson...
26/11/2025
Book podcasts are booming. On Spotify, you'll find everything from celebrity book clubs to deep dives with bestselling authors. And in markets where audiobo...
26/11/2025
Mumbai, November 24, 2025: In a first-of-its-kind initiative, JioStar, in collab...
26/11/2025
LONDON Factual content producer ITN Productions has launched a new low-latency IP gallery for news bulletins....
26/11/2025
MIAMI TelevisaUnivision said it struck a new multiyear distribution agreement with YouTube TV that includes distribution of TelevisaUnivision's U.S. network...
26/11/2025
OpenDrives, Inc., a leader in software-defined data storage and data services, today announced the launch of the Atlas Corporate Creative Solution. This new Atl...
26/11/2025
Disguise, the industry-leading company powering the world's biggest live performances, is partnering with pioneering LED wall manufacturer DVS to give atten...
26/11/2025
HighField AI, the pioneer in agentic and multimodal automation for broadcast and media production, today announced the expansion of its global channel partner n...
26/11/2025
As high-stakes Premier League fixtures approach and additional premium content launches, with MONO positioning themselves to dominate Thailand's sports stre...
26/11/2025
Hosting a wide variety of events from high-intensity NHL games to complex live music concerts and major entertainment productions, Montreal's 21,000 capacit...
26/11/2025
Vizrt, the leader in live production technology revolutionizing viewer engagement and experience, releases AI-driven advances focusing on speed, intelligence, a...
26/11/2025
ITN Productions, an award-winning factual content producer, today launched a new low-latency IP gallery for news bulletins. Responsible for delivering a leading...
26/11/2025
Ikegami reports ongoing advances throughout 2025 in developing and delivering coordinated television production solutions that maximize quality, versatility and...
26/11/2025
Following the Nov. 21 blackout of NBCUniversal channels on Fubo, the two sides have traded barbs about their inability to reach a new carriage deal....
26/11/2025
LONDON As TV sports rights become increasingly important for both broadcasters and streamers, Ampere Analysis predicts global investment in the genre will surpa...
26/11/2025
LOS ANGELES Vubiquity said it has achieved the Amazon Web Services (AWS) Media & Entertainment Competency as part of the AWS Partner Network (APN). This designa...
26/11/2025
WASHINGTON The Federal Communications Commission's Enforcement Bureau said it has entered into a consent decree with Comcast calling for the cable company t...
26/11/2025
Berklee Named to the Hollywood Reporters Top Music Schools List The publication highlights the college's screen scoring program, industry partnerships, and ...
26/11/2025
Back to All News
Animated Series Love Through a Prism' Casts New Light on ...
26/11/2025
Back to All News
NALIP Unveils Fifth Cohort of Director Incubator
Social Impact
26 November 2025
United States
Link copied to clipboard
The National Assoc...
26/11/2025
YouView Achieves Greenly Gold Certification for SustainabilityNov 26, 2025
YouView is proud to announce a Gold Certification award from Greenly for our perform...
HP Study Finds Alarming Vulnerabilities with Internet of Things (IoT) Home Security SystemsHP Fortify OnDemand finds that 100 percent of top security systems studied display significant security deficiencies
