Internet of Things (IoT) devices contain numerous flaws which can make them highly vulnerable to cyber attacks, a new report has found.
About 70% of the most commonly used networked devices contain flaws a the HP report noted.
Despite averaging 25 vulnerabilities per product, the number and diversity of connected devices is anticipated to rise exponentially, with Gartner forecasting that IoT device numbers are to rocket to 26 billion units by 2020.
HP Enterprise Security Products VP Mike Armistead said: "While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface.
"With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats."
HP found that of the overall 10 of the most popular IoT devices scanned, on average, 25 vulnerabilities were discovered per device, totalling 250 security issues across all tested products.
Of the overall vulnerabilities, HP found that eight of the 10 devices tested raise privacy issues concerning the collection of consumer information including name, email address, home address, date of birth, credit card credentials and health information.
About 80% of IoT devices failed to necessitate passwords of required complexity and length, with a majority of them allowing passwords such as ‘1234’.
As part of tests, about 70% of IoT devices were not able to encrypt communications to the internet and local network, while half of the devices’ mobile applications executed unencrypted communications to the cloud, internet or local network.
Furthermore, HP found that six of the 10 devices raised security concerns with their user interfaces, while 60% of them did not use encryption when downloading software updates.
Gartner anticipates that the IoT product and service suppliers would generate incremental revenue surpassing $300bn, mostly in services, in 2020.
