View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
February 10, 2015

Hackers can hijack 100% of smart home devices

100% of smart home devices like motion detectors contain critical vulnerabilities, reveal HP.

By Amy-Jo Crowley

Consumers who own smart home security systems and monitoring devices are at risk from having them tampered by hackers, according to research.

A study by HP tested smart home devices like video cameras and motion detectors and found that 100% contained critical vulnerabilities.

The flaws included a lack of authorisation and transport encryption, insecure interfaces and privacy concerns.

After testing the authorisation quality, HP said all systems failed to require passwords of sufficient complexity and length with most only requiring a six character alphanumeric password. The systems also lacked the ability to lock out accounts after a certain number of failed attempts.

With regard to privacy, all systems collected some form of personal information such as name, address, date of birth, phone number and credit card numbers.

HP said exposure of this personal information is of great concern given the account harvesting issues across all systems.

The cloud-based interfaces also revealed security concerns. The tests found that an attacker could gain access to a device through account harvesting, which uses three application flaws, including account enumeration, weak password policy and lack of account lockout.

Content from our partners
Sherif Tawfik: The Middle East and Africa are ready to lead on the climate
What to look for in a modern ERP system
How tech leaders can keep energy costs down and meet efficiency goals

The test also revealed that while all systems had transport encryption such as SSL/TLS, many of the cloud connections remained vulnerable to attacks.

"As we continue to embrace the convenience and availability of connected devices, we must understand how vulnerable they could make our homes and families," said Jason Schmitt, VP and general manager of HP’s Security Products.

"With ten of the top security systems lacking fundamental security features, consumers must be diligent about adopting simple and practical security measures when they’re available, and device manufacturers must take ownership in building security into their products to avoid exposing their customers unknowingly to serious threats."

The research comes as 4.9 billion Internet of Things devices are expected to be in use by 2015, up 30% from 2014, and reaching 25 billion by 2020, according to Gartner.

HP leveraged HP Fortify on Demand to assess 10 home security IoT devices along with their cloud and mobile application components.

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU