Industryweek 7115 Cybersecurity

Connected Devices Have Huge Security Holes

July 29, 2014
A new study by HP's Fortify reveals 70% of the most commonly used 'Internet of Things' devices contain vulnerabilities, including inadequate passwords or encryption, or lax access restrictions.

WASHINGTON - The surge of web-connected devices -- TVs, refrigerators, thermostats, door locks and more -- has opened up huge opportunities for cyberattacks because of weak security, researchers said Tuesday.

A study by the Hewlett-Packard (IW 500/9) (HPQ) security unit Fortify found 70% of the most commonly used "Internet of Things" devices contain vulnerabilities, including inadequate passwords or encryption, or lax access restrictions.

"While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface," said Mike Armistead, vice president and general manager for Fortify's enterprise security.

"With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats."

The study comes amid recent security warnings about hacking of medical devices, cars, televisions and even toilets that have an Internet connection.

The researcher scanned the most popular devices and their cloud components and found on average 25 vulnerabilities per device. These products included TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.

The study said eight of 10 devices tests leaked private information that could include the user's name, email address, home address, date of birth, credit card or health information.

Most of the devices lacked passwords, making it easier for hackers or others to gain access while some included simple default passwords such as "1234."

Some 70% of the devices analyzed failed to use encryption for communicating with the Internet and local network, another weakness that makes for easy outside access.

HP said that while demand for these devices is surging, security has failed to keep pace, and this "opens the doors for security threats" from a variety of sources.

The study said some estimates indicate as many as 26 billion devices will be connected to the Internet by 2020.

"Fortunately, there's still time to secure devices before consumers are at risk," the report said.

Copyright Agence France-Presse, 2014

Popular Sponsored Recommendations

Global Supply Chain Readiness Report: The Pandemic and Beyond

Sept. 23, 2022
Jabil and IndustryWeek look into how manufacturers are responding to supply chain woes.

Empowering the Modern Workforce: The Power of Connected Worker Technologies

March 1, 2024
Explore real-world strategies to boost worker safety, collaboration, training, and productivity in manufacturing. Emphasizing Industry 4.0, we'll discuss digitalization and automation...

How Manufacturers Can Optimize Operations with Weather Intelligence

Nov. 2, 2023
The bad news? Severe weather has emerged as one of the biggest threats to continuity and safety in manufacturing. The good news? The intelligence solutions that build weather ...

How Organizations Connect and Engage with Frontline Workers

June 14, 2023
Nearly 80% of the 2.7 billion workers across manufacturing, construction, healthcare, transportation, agriculture, hospitality, and education are frontline. Learn best practices...

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!