
HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack

29/07/2014

IoT devices averaged 25 vulnerabilities per product, indicating expanding attack surface for adversaries

PALO ALTO, Calif. - HP today released results of a study revealing 70 percent of the most commonly used Internet of Things (IoT) devices contain vulnerabilities, including weaknesses in password security and encryption and a general lack of granular user access permissions.

With the rise of IoT, the number and diversity of connected devices is expected to increase exponentially. According to Gartner, the Internet of Things will include 26 billion units installed by 2020. IoT product and service suppliers will generate incremental revenue exceeding $300 billion, mostly in services, in 2020. (1)

This spike in demand is pushing manufacturers to quickly bring to market connected devices, cloud access capabilities and mobile applications in order to gain share. While this increase in IoT devices promises benefits to consumers, it also opens the door to security threats ranging from software vulnerabilities to denial-of-service (DoS) attacks to weak passwords and cross-site scripting vulnerabilities.

"While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface," said Mike Armistead, vice president and general manager, Fortify, Enterprise Security Products, HP. "With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats."

HP leveraged HP Fortify on Demand to scan 10 of the most popular IoT devices, uncovering, on average, 25 vulnerabilities per device, totaling 250 security concerns across all tested products. The IoT devices tested, along with their cloud and mobile application components, were from manufacturers of TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.

The most common and easily addressable security issues reported include:

Privacy concerns: Eight of the 10 devices tested, along with their corresponding cloud and mobile application components, raised privacy concerns regarding the collection of consumer data such as name, email address, home address, date of birth, credit card credentials and health information. Moreover, 90 percent of tested devices collected at least one piece of personal information via the product itself, the cloud or its mobile application.

Insufficient authorization: 80 percent of IoT devices tested, including their cloud and mobile components, failed to require passwords of sufficient complexity and length, with most devices allowing passwords such as "1234". In fact, many of the test accounts HP configured with weak passwords were also used on the products' websites and mobile applications.

Lack of transport encryption: 70 percent of IoT devices analyzed did not encrypt communications to the internet and local network, while half of the devices' mobile applications performed unencrypted communications to the cloud, internet or local network. Transport encryption is crucial given that many of the tested devices collected and transmitted sensitive data across channels.

Insecure web interface: Six of the 10 devices evaluated raised security concerns with their user interfaces such as persistent XSS, poor session management, weak default credentials and credentials transmitted in clear text. Seventy percent of devices with cloud and mobile components would enable a potential attacker to determine valid user accounts through account enumeration or the password reset feature.

Inadequate software protection: 60 percent of devices did not use encryption when downloading software updates, an alarming number given that software powers the functionality of the tested devices. Some downloads could even be intercepted, extracted and mounted as a file system in Linux where the software could be viewed or modified.

To protect against security hazards that come along with the rise of IoT, it is imperative for organizations to implement an end-to-end approach to identify software vulnerabilities before they are exploited. Solutions like HP Fortify on Demand enable organizations to test the security of software quickly, accurately, affordably and without any software to install or manage, proactively eliminating the immediate risk in legacy applications and the systemic risk in application development.

Methodology

Conducted by HP Fortify and leveraging HP Fortify on Demand, the "Internet of Things Security: State of the Union" study tested 10 of the most commonly used IoT devices for vulnerabilities using standard testing techniques that combined manual testing with automated tools. Devices and their cloud, network and client application components were assessed based on the OWASP Internet of Things Top 10 list and the specific vulnerabilities associated with each category.

Additional information about application security and further details resulting from the study are available at hp.com/go/fortifyresearch/iot.

HP will be addressing the latest trends in enterprise security at the Black Hat USA 2014 conference, taking place Aug. 2-7 in Las Vegas. Visit the HP booth (No. 911) for an IoT product demo and Capture the Flag hacking contest. Additional information on HP's presence at the show can be found here.

(1) Gartner, Forecast: The Internet of Things, Worldwide, 2013, November 2013.

© 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the e
LINK: http://www8.hp.com/us/en/hp-news/press-release.html?id=1744676...