Skip to comments.Average Internet of Things device has 25 security flaws
Posted on 07/31/2014 9:54:43 AM PDT by mojito
The Internet of Things (IoT) has connected everything from smoke alarms to fridges and cars, making life easier and safer but it has also given hackers a new way to attack their victims, warns HP.
In a study of the ten most popular IoT devices (which it did not name in its report) HP found 250 potentially dangerous security vulnerabilities.
The devices came from manufacturers of TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.
All of the devices included remote smartphone applications which were used to control them.
It was found that 90 per cent of the devices collected personal information, 70 per cent transmitted that data on an unencrypted network and 60 per cent had insecure user interfaces. Eight out of ten failed to require a strong enough password.
(Excerpt) Read more at telegraph.co.uk ...
h/t Karl Denninger
Per his article today, you can complete your total security failure by getting an iPhone. (Fanboy incoming)
I will never connect any of those things to the internet.
One day, your coffee-maker will conspire with your car’s on-board computer to run you off the road, during your evening commute. Meanwhile, your microwave and toaster-oven will conspire to deplete all your bank accounts. If you ever make it home, your Roomba will knock you down, and try to suck your face off.
“Sexual gratification can only be achieved through the use of machines”
Sounds like a great opportunity for someone to enter the security space and make a killing...
Garage door openers?
Oh cool! Look, I can turn my lawn sprinklers on and off and open and close my garage door from my SmartPhone. Wow, I am just so tech savy.
Give me a break!!
Don’t even think about what happens when your fembot conspires with your meat slicer.
How ever far back you wish to go, the hue and cry has been the same!
“All of the devices included remote smartphone applications which were used to control them.”
I’m going to buy a plain Jane water heater. I see they have them now where you can buy ones that you can monitor, change with your smartphone. Too much money. But who wants something in your basement that can be hacked, and set to “bomb” instead. (Just saw some MythBusters shows about water heaters - amazing and scary!)
thermostats, power outlets, sprinklers.... collected personal data??
“It always feels like, somebody’s watching me!!”
The most dangerous of those is ordering from HP online. They stole my credit card and ran up a bill on iTunes. Neither HP or Apple would fix it.
Heck, they can't even provide a decent router/modem/wifi and worst of all, their tech support people are pretty lame.
Exactly. Wise person. However, that is what make them interesting to some folks — being able to set your thermostat remotely from your smart phone, etc. Fools!
Also, wouldn't Apple have account information about the perp?
Yes and yes.
Good. At least you weren’t out the money.
Working closely with IT security teams, I can tell you personally that the #1 most exploited non-standard web-enabled devices are TVs and BluRay players. Most of these devices are not set to automatically update software, and most users don’t bother to update the firmware/software once they have them.
I have several devices that are on my network(TV, gaming consoles, ect)
Almost all of them are what I’d refer to as being ‘insecure’, sending data in ‘human readable’ text. Sure, my home WiFi network is encrypted, but that doesn’t assure any traffic is encrypted once it leaves my site(home). I know for a fact that my TV(Samsung) and gaming consoles(PS4/XBox1) ‘phone home’ with sensitive information. They could EASILY implement encryption, but obviously choose not to do so...
All “smart” devices are designed to regulate the human per EPA or worse yet, UN Agenda 21.
On your knees, touch your head to the ground and pray to the Google overlords.
Except Apple and HP knew who did it but refused to stop it saying it happens too often to stop. Uh, excuse me! Even my credit card company refused to press charges and ate the theft even though it was enough for a hefty fine and 2 years behind bars. The local cops finally dropped it after over a year because everything was out of state. Criminals know this so they’re not worried. That, my FRiend is why cc rates are so high and why us honest customers have to pay so much for products.
If you can control your thermostat remotely, so can your government.
Exactly! Same with the ISP.
And they can snoop around on your network. And these devices use wifi which isn’t as secure as good old wired.
That is why I bought my own router and modem. I can control my own network.
If you rent your router/modem from the ISP, they have full control on the LAN side. I know this because when we tried Comcast’s telephone service, they forced us to take an all in one router/modem/wifi/VOIP POS. I wanted to turn off the wifi but couldn’t so I had to contact Comcast. Sure enough, they were able to configure the wifi. Scary.
And how quickly would Comcast or other ISPs allow the Feds access to your private network?
Also, I always wonder if there is some hidden port in the routers that allows full access to your network. At minimum, there are probably vulnerabilities. Call me paranoid.
Greenie weenies have already made it clear that they don’t believe citizens should be able to set their thermostats at whatever temp they’d like.
Ya. Damn them.
If they had done their jobs, those crooks might be in jail and not committing other crimes.
Yup. There may come a day when you can’t control your thermostat.
Right now it is optional and apparently you get a discount. But it may become mandatory.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.