Tech-giant Hewlett Packard has released a revealing report on Internet of Things (IoT) and data security. Products such as thermostats, televisions, webcams and home alarms – we haven’t been told the exact manufacturers – were analyzed to determine their vulnerability to online threats.
If It Connects to the Internet, It’s Gotta Be Secure
The results are slightly disturbing. While these gadgets are designed to make your life more convenient, HP’s findings tell us they can potentially bring on more harm than good. Most run on simplified versions of Linux. Therefore, when connected to the Internet, IoT devices are vulnerable to the same data security threats as a PC or smartphone.
More Holes than Swiss Cheese
Problem is, they haven’t been protected accordingly. Here’s a rundown of the most evident problems that HP discovered:
• Lack of password encryption – 8 out of 10 products accepted simple passwords like 1234. If password protection is weak, hackers are given a green light into the system.
• No Data Encryption – Basic security on PCs encrypt or conceal information being shared over a local network or the Internet. IoT devices consistently failed to perform this basic step. Encryption was absent on uploads of software as well. This means that hackers can create fraudulent software they can then use to take control. Not good.
• Poor interface security – Cross-scripting sites is when hackers inject code to pages accessed by an Internet user for the purpose of stealing information. Almost all software applications have gatekeepers to prevent this. Many IoT products interfaces do not.
Impenetrable Fortress or Hackers’ Delight?
The final piece of the report underscored the need to tighten data security in IoT. It won’t be long until IoT products are ubiquitous and change the way we live. Developers need to create security features that act as a bulwark against would-be threats. If not, it’s likely that almost everything you have can be virtual cannon fodder for those seeking to do harm.