A recent research report testing various IoT devices, commonly interconnected to our homes and businesses, revealed a plethora of vulnerabilities, including Heartbleed, Denial of Service, weak passwords and cross-site scripting (XSS).
The IoT study, performed by Fortify on Demand, tested a variety of products from manufactures of: TVs, webcams, home alarms, home thermostats, door locks, sprinkler controllers, device controlling hubs, remote power outlets, scales and garage door openers. The results showed that each IoT device was packed with an average of 25 vulnerabilities.
Additional findings indicated that 80 percent of these devices raised privacy concerns, as many of them are capable of collecting personal information, such as name, address, date of birth, health information and financial data.
Most of the devices also appeared to lack adequate authentication, with 80 percent of the devices failing to require a strong password – “1234” was usually enough to grant access. Even more alarming was the fact that many of the accounts configured for testing were also used on cloud services, as well as corresponding mobile apps, expanding the attack surface for users.
Other security concerns in the study demonstrated lack of transport encryption and insecure web interfaces or software. Researchers stated, “We identified a majority of devices along with their cloud and mobile counterparts that enable an attacker to determine valid user accounts using mechanisms such as the password reset features. These issues are of particular concern for devices that offer access to devices and data via a cloud website.”
“A world of interconnected ‘smart’ devices is here, albeit in the early stages,” read the report. “Fortunately, there’s still time to secure devices before consumers are at risk.”
Although the report did not disclose the manufacturers of the devices tested, Fortify on Demand stated vulnerabilities are being disclosed to vendors. The report also offered a number of actionable items to improve security for the manufactures of these devices.
Analyst firm Gartner, predicts that IoT will grow to 26 billion units installed by 2020, almost a 30-fold increase from 0.9 billion in 2009.
Read More Here…