There's been a lot of hype about Internet of Things (IoT) and a hint on IoT security. HP decided to conduct the Open Web Application Security Project (OWASP) in order to educate on the important aspects of IoT Security which everyone should be aware of.
The study had a duration of three weeks and was participated by the researchers from HP's Fortify division. The researchers focused on some of the popular devices from the IoT categories. These include garage door openers, scales, home alarms, door locks, hubs for controlling multiple devices, sprinkler controllers, remote power outlets, home thermostats, webcams, and TVs.
The findings of the study accounted not only the devices but also the cloud and mobile applications that are connected to each of them. HP found that some of the devices needed strong passwords as the simple "1234" that is often used by hackers can already suffice to gain access. Some devices are vulnerable to cross-site scripting while there are those that lack the sophistication and, therefore, can be automated. Seven of the studied devices didn't have traffic encrypted whether locally or thru the Internet.
"Have you input your credit card information into your TV? That might not be an IoT best practice," said Senior Manager Maria Bledsoe of the Fortify division.
According to Gartner, there would be 26 billion devices that are expected to be included in the Internet of Things by the year 2020. That same year, product and service suppliers of IoT can earn total revenues of $300 billion.
On average, the study identified 25 vulnerabilities in every device which totaled to 250 vulnerabilities. HP noted that these vulnerabilities manifest clearly how the devices raise issues on privacy, insufficient authorization, lack of transport encryption, insecure web interface, and inadequate software protection.
"We need to sound a warning bell," says Bledsoe. These devices should have built-in security and have the capacity to transport encrypted data. Manufacturers should be able to conduct security reviews of their products. They can take their cue from the list of top 10 security problems that most commonly affect IoT devices which had been compiled by the OWASP.
Over the last few years, people had been dealing with security issues which had continuously challenged the Web apps and Internet retailers. Things such as credit card number and identity theft may have affected some individuals. However, it's totally different when it already involves the security of an individual's home. As long as the IoT devices are double-checked, found to be free from leaking private data, and show resistance to hackers, then every homeowner should have no reason to worry.
