Proving the Business Case for the Internet of Things

Majority of IoT devices vulnerable to cyber attacks: HP

Iain Morris
August 7, 2014
A staggering 70% of devices developed for the Internet of Things (IoT) are vulnerable to cyber attacks, according to new research from Hewlett-Packard (HP).

The vulnerabilities are in areas including password security, encryption and granular user access permissions, says the IT player, and are appearing as manufacturers respond to soaring demand for IoT products and services.

According to research from Gartner, the IoT is set to include some 26 billion installed units by 2020, with IoT product and service suppliers expected to generate incremental revenues of more than $300 billion – mostly in services – in 2020.

While the increase is bringing about benefits for consumers, it is also opening the doors for a range of security threats.

“While the IoT will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface,” said Mike Armistead, vice president and general manager of Fortify, HP’s software security division. “With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats.”

HP (Palo Alto, CA, USA) says it has scanned ten of the most popular IoT devices to uncover an average of 25 vulnerabilities per device – equaling 250 security concerns across all tested products.

The company says the devices it tested were from manufacturers of TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.

The most common security issues included privacy concerns regarding the collection of consumer data and insufficient authorization, with 80% of devices tested failing to require passwords of sufficient length and complexity.

Meanwhile, some 70% of devices analyzed did not encrypt communications to the internet and local network, while 60% raised security concerns with regard to their user interfaces.

The same percentage of devices failed to use encryption when downloading software updates, added HP.
The M2M Zone serves as the catalyst to the embedded systems community to gather knowledgeable and up-to-date information. From telematics to smart grid to telehealth, the M2M Zone understands that machine-to-machine technologies stretch across multiple industries to create a dynamic M2M eco-system.
Through our events, newsletters and webinars, we bring together end clients from these vertical industries as well as cellular network operators, module manufacturers, short-range wireless developers, and systems integrators, not just to provide information, but to offer a forum to meet and speak with your prospects and customers. 

For more information contact: