Sony Pixel Power calrec Sony

HP Study Finds Alarming Vulnerabilities with Internet of ings (IoT) Home Security Systems

10/02/2015

HP Study Finds Alarming Vulnerabilities with Internet of Things (IoT) Home Security SystemsHP Fortify OnDemand finds that 100 percent of top security systems studied display significant security deficiencies

PALO ALTO, Calif., February 10, 2015 HP today released results of a security testingstudy revealing that owners of Internet-connected home security systems may not be the only ones monitoring their homes. The study found that 100 percent of the studied devices used in home security contain significant vulnerabilities, including password security, encryption and authentication issues.

Home security systems, such as video cameras and motion detectors, have gained popularity as they have joined the booming Internet of Things (IoT) market and have grown in convenience. Gartner, Inc. forecasts that 4.9 billion connected things will be in use in 2015, up 30 percent from 2014, and will reach 25 billion by 2020.(1) The new HP study reveals how ill-equipped the market is from a security standpoint for the magnitude of growth expected around IoT.

Manufacturers are quickly bringing to market connected security systems that deliver remote monitoring capabilities. The network connectivity and access necessary for remote monitoring presents new security concerns that did not exist for the previous generation of systems that have no internet connectivity.

The HP study questions whether connected security devices actually make our homes safer or put them at more risk by providing easier electronic access via insecure IoT products. HP leveraged HP Fortify on Demand to assess 10 home security IoT devices along with their cloud and mobile application components, uncovering that none of the systems required the use of a strong password and 100 percent of the systems failed to offer two-factor authentication.

The most common and easily addressable security issues reported include:

Insufficient authorization: All systems that included their cloud-based web interfaces and mobile interfaces failed to require passwords of sufficient complexity and length with most only requiring a six character alphanumeric password. All systems also lacked the ability to lock out accounts after a certain number of failed attempts.

Insecure Interfaces: All cloud-based web interfaces tested exhibited security concerns enabling a potential attacker to gain account access through account harvesting which uses three application flaws; account enumeration, weak password policy and lack of account lockout. Similarly five of the ten systems tested exhibited account harvesting concerns with their mobile application interface exposing consumers to similar risks.

Privacy Concerns: All systems collected some form of personal information such as name, address, date of birth, phone number and even credit card numbers. Exposure of this personal information is of concern given the account harvesting issues across all systems. It is also worth noting that the use of video is a key feature of many home security systems with viewing available via mobile applications and cloud-based web interfaces. The privacy of video images from inside the home becomes an added concern.

Lack of transport encryption: While all systems implemented transport encryption such as SSL/TLS, many of the cloud connections remain vulnerable to attacks (e.g. POODLE attack). The importance of properly configured transport encryption is especially important since security is a primary function of these systems.

As we continue to embrace the convenience and availability of connected devices, we must understand how vulnerable they could make our homes and families, said Jason Schmitt (@raidschmitt), vice president and general manager, Fortify, Enterprise Security Products (@HPsecurity), HP. With ten of the top security systems lacking fundamental security features, consumers must be diligent about adopting simple and practical security measures when they're available, and device manufacturers must take ownership in building security into their products to avoid exposing their customers unknowingly to serious threats.

As IoT product manufacturers work to incorporate much needed security measures, consumers are urged to consider security when choosing a monitoring system for their home. Implementing secure home networks before adding insecure IoT devices, instituting complex passwords, account lockouts and two-factor authentication are only a few measures consumers can take to make their IoT experience more secure. Legislators are also getting involved, with the U.S. Federal Trade Commission releasing a recent report analyzing the balance between security and privacy concerns with development of the IoT devices.

For more information, visit the first report in this IoT series, 2014 HP Internet of Things Research Study, which reviews the security of the top 10 most common IoT devices. Additionally, the most recent HP Security Briefing, Episode 20: The Internet of Things: A Security Overview looks at how the advent of millions of connected devices affects network security from a practical standpoint.

Methodology

Conducted by HP Fortify and leveraging HP Fortify on Demand, HP's Home Security Systems study tested 10 of the most commonly used home security IoT devices for vulnerabilities using standard security testing techniques that combined manual testing along with the use of automated tools. Devices and their components were assessed based on the OWASP Internet of Things Top 10 and the specific vulnerabilities associated with each top 10 category. The resulting data and percentages in this report were drawn from the 10 IoT systems tested. Given the popularity and similarity among the 10 devices, HP Fortify believes the results provide a good indicator of where the market currently stands as it relates to security and the Internet of Things.

Additio
LINK: http://www8.hp.com/us/en/hp-news/press-release.html?id=1909050...
See more stories from hp

Most recent headlines

05/01/2027

Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be demoed at CES 2026

Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...

06/09/2026

Dolby and MagentaTV Bring Fans Closer to the FIFA World Cup 2026 in Germany with Dolby Vision and Dolby Atmos

June 9 2026, 23:00 (PDT) Dolby and MagentaTV Bring Fans Closer to the FIFA Worl...

04/08/2026

Dalet Announces Commercial Availability of Dalia, Bringing Media-Aware Agentic AI to Enterprise Productions

Dalet, a leading technology and service provider for media-rich organizations, t...

04/07/2026

Blackmagic Design Cameras Empower Youth Broadcasting Program

Blackmagic Design Cameras Empower Youth Broadcasting Program Brie Clayton July 3, 2026 0 Comments Blackmagic Pocket Cinema Camera 6K Pro and Blackmagi...

04/07/2026

iZotope Joins Boris FX

iZotope Joins Boris FX Boris Yamnitsky July 3, 2026 0 Comments iZotope, the team behind RX and Ozone, is joining Boris FX. A letter from founder Boris...

04/07/2026

Detective Conan: Fallen Angel of the Highway Opens in Dolby Cinemas Across Japan, Presented in Dolby Atmos and Dolby ...

April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...

03/07/2026

VSL reveal Synchron Brass (muted)

New bundle & three Single Packs Continuing to expand their already sizeable orchestral collection, VSL's latest release introduces three new Single Pack...

03/07/2026

London Symphony Orchestra upgrade LSO St Luke's

Venue installs new ATC-equipped control room LSO St Luke's, a unique music venue that also serves as the home of the London Symphony Orchestra, have rec...

03/07/2026

Caden Pearson appointed new Commissioning Editor for NITV

Caden Pearson appointed new Commissioning Editor for NITV 3 July, 2026 Media releases National Indigenous Television (NITV) has strengthened its commitment...

03/07/2026

2023

1 February 2023 SHARE Facebook Twitter Linkedin Email Munich, Germany, 1st February 2023: Cinegy GmbH, the premier provider of software technology for digit...

03/07/2026

Broadcast Solutions Acquires BFE

Share Copy link Facebook X Linkedin Bluesky Email...

03/07/2026

AdClarity Expands CTV Offering to 20 Countries

Share Copy link Facebook X Linkedin Bluesky Email...

03/07/2026

Mountain West Conference Launches SVOD Service With New Revenue Model

Share Copy link Facebook X Linkedin Bluesky Email...

03/07/2026

Death Star

Death Star Andy Marken July 2, 2026 0 Comments Look, I can't get involved. I've got work to do. It's not that I like the Empire; I hate i...

03/07/2026

Berklee's New Visual Identity: Honoring Our History, Building for What's Next

Berklee's New Visual Identity: Honoring Our History, Building for What's...

03/07/2026

July 01, 2026

Scripps Research scientists awarded $2M to advance global disease surveillance Two Gates Foundation grants will expand wastewater surveillance and AI-driven dis...

03/07/2026

July 02, 2026

Joan Pulupa joins Scripps Research faculty to study the organization of DNA in brain cells and its links to neurodegeneration Using smell-sensing neurons and ad...

02/07/2026

SVG Students To Watch: Abby Finke, University of Dayton

Entering her senior year, this hometown girl is paving a career in live sports production gaining experience in replay and audio and as a TD In the live-sports...

02/07/2026

SVG GameDay, Ep. 22: Winnipeg Jets Kyle Balharry - Going to Work in the Great White North

In-venue and creative video staffers at the professional and collegiate level ha...

02/07/2026

BLAST Reports $133 Million in 2025 Revenue, Opens New York Headquarters

BLAST, a competitive entertainment company focused on esports, has announced more than $133 million in revenue for 2025, representing more than 40% year-over-ye...

02/07/2026

Riedel and SKAARHOJ Expand Collaboration with SimplyLive Integration

Riedel Communications has announced official SKAARHOJ panel support for SimplyLive production workflows, enabled through the SimplyLive 2.1 release. The integra...

02/07/2026

Czech Fire Rescue Service Deploys LiveU Video Transmission for Emergency Operations

The Fire Rescue Service of the Czech Republic has deployed LiveU video-over-bond...

02/07/2026

Gravity Media USA Appoints Brittney Boston as Head of Business Development

Gravity Media USA has announced the appointment of Brittney Boston as Head of Business Development, effective July 1, 2026. Based in Nashville, Tennessee, Bosto...

02/07/2026

TwelveLabs Raises $100 Million in Series B Funding

TwelveLabs, a video intelligence company, has announced $100 million in Series B funding co-led by NEA and NAVER Ventures, with participation from Amazon, Radic...

02/07/2026

Pro Padel League Announces Broadcast Partnership With USA Sports for 2026 Season

The Pro Padel League (PPL) has announced a broadcast partnership with USA Sports that will air five PPL championship matches on CNBC during the 2026 season, the...

02/07/2026

LiveLike Powers Eight FIFA World Cup 2026 Fan Engagement Activations Across Five Continents

LiveLike, a digital fan engagement platform, has announced eight confirmed FIFA ...

02/07/2026

InfoComm 2026: Cobalt Digitals blueCORE Wins Futures Best of Show Award

Cobalt Digital has received Future's Best of Show Award, presented by AV Technology at InfoComm 2026, for its blueCORE family of standalone signal processor...

02/07/2026

Synamedia Appoints Dr. Tzvi Gerstl as CEO

Synamedia has announced the appointment of Dr. Tzvi Gerstl as Chief Executive Officer. Paul Segre, who has served as CEO for the past six years, will transition...

02/07/2026

Esports World Cup 2026 Announces Expanded Sony Partnership for Paris Event

The Esports Foundation (EF) and Sony Group Corporation have announced an expanded collaboration for the Esports World Cup 2026 (EWC), taking place in Paris, Fra...

02/07/2026

Zee Entertainment Secures Exclusive Bundesliga Rights in India for Five Years

Zee Entertainment Enterprises Ltd. ( Z') has announced exclusive broadcast and digital rights for the Bundesliga in India for five years, beginning with the...

02/07/2026

All Hands on Deck: NBCU Comes Together to Produce Ultra-Complex Sail4th 250 Broadcast on July 4

An effort uniting News, Sports, Local, and Telemundo, the 50+-camera live produc...

02/07/2026

Release Rundown: What to Watch in July, From Gail Daughtry and the Celebrity Sex Pass to Murder 101

Zoey Deutch, John Slattery, Ken Marino, Miles Gutierrez-Riley, and Ben Wang appe...

02/07/2026

The Crow Hill Company introduce Brackish Pads

Stammering, stuttering, strangulated tones The Crow Hill Company's latest creation promises to be the most original sound set they've produced to d...

02/07/2026

Steinberg SpectraLayers 13 now available

A new era in unmixing and spectral editing The latest version of Steinberg's spectral audio-editing software has just arrived, building on the strength...

02/07/2026

Sine Machine from Melatonin

Aims to simplify additive synthesis Sine Machine is the debut launch from Melatonin, a Vienna-based developer who have spent the past six years creating wha...

02/07/2026

iZotope acquired by Boris FX

Products to remain fully active & supported Following the news of Native Instruments joining the inMusic brand line-up, Academy and Emmy Award-winning visua...

02/07/2026

GearExpo UK 2026

What you missed! Last weekend, Saturday 27 June 2026, saw the debut of Sound On Sounds new GearExpo UK event, the largest dedicated pro-audio event to take ...

02/07/2026

Imagine Communications Acquired by Lumine Group

Share Copy link Facebook X Linkedin Bluesky Email...

02/07/2026

Rise AV APAC Brings Mentoring Conversation to InfoComm As...

Following the successful launch of its inaugural APAC Mentoring Programme last month, the Rise AV APAC Regional Council will bring the conversation around mento...

02/07/2026

Blackmagic PYXIS 6K Used to Shoot Director Takahisa Zeze's Cry Out

Blackmagic PYXIS 6K Used to Shoot Director Takahisa Zeze's Cry Out Brie Clayton July 2, 2026 0 Comments Highly mobile camera supports tense and de...

02/07/2026

Broadcast Solutions acquires BFE, expanding its lead in European broadcast, media and communications infrastructure

Broadcast Solutions acquires BFE, expanding its lead in European broadcast, medi...

02/07/2026

Berklee Alum and Faculty Perform at Boston Public Library's 250th Anniversary Celebration of the Declaration of Independence

Berklee Alum and Faculty Perform at Boston Public Library's 250th Anniversar...

02/07/2026

Broadcast Solutions acquires BFE

Broadcast Solutions GmbH, a leading systems integrator and provider of innovative solutions for the broadcast media industry, is acquiring BFE Studio und Medien...

02/07/2026

LiveMode builds agile content ingest with Cinegy

Cinegy GmbH, the premier provider of software-defined television technology, has extended the ingest facility at leading Brazilian sports company LiveMode, work...

02/07/2026

Synamedia Appoints Dr Tzvi Gerstl CEO

Share Copy link Facebook X Linkedin Bluesky Email...

02/07/2026

Cobalt Digitals blueCORE Wins Futures Best of Show Award...

Standalone processors acknowledged for the innovation and value they bring to Pro AV Cobalt Digital, a leading designer and manufacturer of signal processing ...

02/07/2026

Synamedia Appoints Dr Tzvi Gerstl as CEO as Company Enter...

Synamedia announced today the appointment of Dr Tzvi Gerstl as Chief Executive Officer. Paul Segre, who has served as CEO for the past six years, will transitio...

02/07/2026

Screen Australia backs audience-led filmmaking with new insight-driven initiatives

Screen Australia backs audience-led filmmaking with new insight-driven initiativ...

02/07/2026

Screen Australia refines guidelines for Narrative Content Development and Documentary Development

Screen Australia refines guidelines for Narrative Content Development and Docume...