Larry Dignan over at ZDNet is writing about a new survey by HP’s Fortify application security division that finds 70 percent of Internet of things devices have exploitable software vulnerabilities.
Some caveats: HP makes its conclusions based on scans of “10 of the most popular Internet of things devices.” That’s a very small sample size that could (greatly) skew the results one way or the other. So take this with a grain of salt. You can download the full survey here. (PDF)
[Read Security Ledger coverage of Internet of Things here.]
According to Dignan, HP found 25 vulnerabilities per device. Audited devices included TVs, Webcams, thermostats, remote power outlets, sprinklers, door locks, home alarms, scales and garage openers. One of each, from the sound of it.
The findings, assessed based on the OWASP Internet of Things Top 10 list and vulnerability categories, account for the devices as well as cloud and mobile applications connected to them, ZDNet writes.
A failure to require strong passwords was a common fault. Eight of the ten failed to require strong passwords to authenticate to the device or to associated mobile applications and cloud resources.
Seven of the 10 devices failed to encrypt communications and six of the ten didn’t encrypt software updates. Seven of 10 devices audited were found to have insecure Web interfaces.
Read more here: Internet of things big security worry, says HP | ZDNet.