Security concerns are developing faster than the Internet of Things (IoT). But HP claims it is tackling IoT related concerns head on and has identified what it describes as the top five issues for businesses to consider.
The research, carried out by Fortify, part of HP Enterprise Security Products, confirms those security concerns. It shows 70 percent of the most commonly used IoT devices contain vulnerabilities, including password security, encryption and general lack of granular user access permissions.
Always Connected, Always Vulnerable
Issues around mobile security are already a challenge in this era of always connected devices. Think how much greater those challenges will be of a business has, for example, 10 IoT connected devices.
And it’s not going to get any easier. As the IoT evolves, there will be billions of connected devices — and each one represents a potential doorway into your IT infrastructure and your company or personal data.
To produce this top five list, HP reviewed 10 of the most popular devices in some of the most popular IoT niches. It analyzed IoT devices from manufacturers of TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garages.
All devices surveyed included some form of cloud service and included mobile applications, which can be used to access or control the devices remotely.
HP noted that all the devices and components that were assessed were based on the Open Web Application Security Project (OWASP) Internet of Things Top 10 list and the specific vulnerabilities associated with each top 10 category.
The OWASP is a worldwide not-for-profit charitable organization focused on improving the security of software. It aims to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
Here's the List
The research showed a striking number of vulnerabilities per device ranging from Heartbleed (a vulnerability in the OpenSSL cryptographic software library enabling hackers steal information protected under normal conditions) to Distributed Denials of Service to weak passwords to cross-site scripting.