Your home Internet of unsecured security things

For many consumers, Internet-enabled home security devices may be a tangible manifestation of the Internet of Things. However, they may not be very secure things.

A new report from Hewlett-Packard Co.’s HP Fortify business looked at 10 connected home security devices, as well as their cloud and mobile app components – checking in on your home from your smartphone is an oft-touted benefit of these systems. Connected security devices included door and window sensors, motion detectors, video cameras and recording mechanisms. And the results weren’t pretty.

“We continued to see significant deficiencies in the areas of authentication and authorization along with insecure cloud and mobile interfaces,” said the report. “It is of particular concern to see these deficiencies in systems where the primary function is security.”

While the report noted a significant increase in the use of transport encryption such as SSL/TLS, it added that the way the encryption was configured and implemented weakened the security it should normally provide.

Significant vulnerabilities were identified with each device tested, including enumerable usernames, weak password policy and no account lockout. None required a strong password, and just one offered two-factor authentication. Four of the seven systems with cameras allowed multiple people video access, exacerbating account harvesting issues, and two allowed video to be streamed locally without authentication.

“Products, services, and ecosystems around Internet of Things will increasingly offer a wide range of benefits that will entice both consumers and businesses,” said the report. “This research does not aim to dampen that enthusiasm, but rather to inform users that these capabilities come with risks, and that it’s in everyone’s best interest to understand those risks before activating these systems.”

HP recommends consumers include security in their feature considerations when shopping for such products, avoid using system defaults for user names and passwords and instead choose good passwords when possible. Enterprises should implement a firewall between Internet of Things devices and the rest of the network, and configure supplemental security features that may not be enabled by default.



Jeff Jedras
A veteran technology and business journalist, Jeff Jedras began his career in technology journalism in the late 1990s, covering the booming (and later busting) Ottawa technology sector for Silicon Valley North and the Ottawa Business Journal, as well as everything from municipal politics to real estate. He later covered the technology scene in Vancouver before joining IT World Canada in Toronto in 2005, covering enterprise IT for ComputerWorld Canada. He would go on to cover the channel as an assistant editor with CDN. His writing has appeared in the Vancouver Sun, the Ottawa Citizen and a wide range of industry trade publications.
