HP has released new research, The Internet of Things State of the Union Study, which reveals that 70 percent of the most commonly used Internet of Things (IoT) devices contain serious vulnerabilities.
The study is an outgrowth of HP’s OWASP Internet of Things Top 10 Project. The projects goal is to educate the IT community on the main facets of Internet of Things security that enterprises should be concerned with. HP decided to use that project as a baseline for testing the top 10 IoT devices being used today. HP bought these top 10 IoT devices, tested them and has now published the study, which looks at the testing results and provides insight into what the results mean.
HP found that on average there were 25 vulnerabilities found per device, totaling 250 vulnerabilities. The main types of vulnerabilities were: privacy concerns; insufficient authorization; lack of transport encryption; insecure web interface; and inadequate software protection.
HP suggests these thoughts to take from the report:
- Internet of Things security is not one-dimensional. You need to look at all the surface areas discussed in the report and in the OWASP Internet of Things Top 10 Project in order to have a complete view of your risk.
- IoT Security is not just a consumer problem. Corporations need to be looking at how their ICS and SCADA systems fare when looked at under a similar light.
- The current state of Internet of Things security seems to take all the vulnerabilities from existing spaces, e.g. network security, application security, mobile security, and Internet-connected devices, and combine them into a new (even more insecure) space, which is troubling.