Internet of Things creates new set of security headaches

New research claims to show that the Internet of Things (IOT) is riddled with potential security inconsistencies, which make the IP interconnection of electrical devices - a key feature of the IoT - extraordinarily difficult to secure in practice.

Internet of Things creates new set of security headaches
Internet of Things creates new set of security headaches

According to HP's Fortify security operation, 70 percent of common IoT devices feature vulnerabilities, inadequate passwords or encryption, or lax access restrictions.

The report is one of the first to attempt to analyse the security risks associated with the interconnection of a wide variety of electrical devices, drawing on resources such as the OWASP Internet of Things Top 10 list.

According to the study, few revolutionary technologies have created new value pools, displaced incumbents, changed lives, liquefied industries, and made a trillion dollar economic impact.

"That is, until the Internet of Things (IoT) sprang to life. Today, the next big thing is embedding sensors, actuators and traditional low-power Systems on Chips (SoCs) into physical objects to link them to the digital world," the report notes.

For its review, HP Fortify reviewed ten of the most popular devices in some of the most common IoT niches, revealing a high average number of vulnerabilities per device. Vulnerabilities ranged from Heartbleed, through Denial of Service to weak passwords to cross-site scripting issues.

Devices from manufacturers of TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers were reviewed - and the majority of devices were found to include some form of cloud service, as well as mobile applications which can be used to access or control the devices remotely.

Six of the ten devices tested displayed security concerns with their web interface, including persistent cross-site scripting, poor session management and weak default credentials.

The report concluded that, the world of interconnected smart devices is here, albeit it is its early stages, but notes that there is still time to secure devices before consumers are at risk, recommending three main issues that developers need to address:

Conduct a security review of your device and all associated components

Implement security standards that all devices must meet before production

Ensure security is a consideration throughout the product lifecycle

According to Phil Turtle, chief communications officer with the Data Centre Alliance, Gartner has predicted that there will be 26 billion IoT-enabled devices by 2020, whilst ABI puts the number of WiFi-connected devices by the end of the decade at 30 billion,

The vast increase of device numbers, he told SCMagazineUK.com, will have a major effect on the demand for data centres in the near future, and that existing units will need to become more efficient, as well as secure. 

Page 1 of 2