Among the 10 most commonly used Internet of Things (IoT) devices, seven contain vulnerabilities related to passwords, encryption and general lack of granular user access permissions.
These devices were from makers of TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.
According to a study by HP Fortify, a spike in demand for IoT is pushing manufacturers to quickly bring to market connected devices, cloud access capabilities and mobile applications in order to gain market share.
While the influx of IoT devices promises benefits to consumers, it also opens the doors for security threats ranging from software vulnerabilities to denial-of-service attacks to weak passwords and cross-site scripting vulnerabilities.
“With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats,” said Mike Armistead, VP and general manager, Fortify, Enterprise Security Products, HP.
Of the 10 devices – along with their corresponding cloud and mobile application components – test results raised privacy concerns regarding the collection of consumer data such as name, email address, home address, date of birth, credit card credentials and health information.
The same number of devices failed to require passwords of sufficient complexity and length, with most allowing password such as “1234.”