A new Hewlett-Packard (HPQ) study revealed 70 percent of the most commonly used Internet of Things (IoT) devices contain vulnerabilities.

Dan Kobialka, Contributing writer

August 5, 2014

3 Min Read
A new HewlettPackard HPQ study revealed 70 percent of the most commonly used Internet of Things IoT devices contain vulnerabilities
A new Hewlett-Packard (HPQ) study revealed 70 percent of the most commonly used Internet of Things (IoT) devices contain vulnerabilities.

Internet of Things (IoT) devices such as laptops, smartphones and tablets could put users and their data at risk, according to a new Hewlett-Packard (HPQ) study.

HP’s Internet of Things State of the Union Study revealed 70 percent of the most commonly used IoT devices contain vulnerabilities.

HP leveraged its application security software, Fortify on Demand, to scan 10 of the most popular IoT devices and uncovered, on average, 25 vulnerabilities per device.

“While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface,” Mike Armistead, vice president and general manager of HP Fortify Enterprise Security Products, said in a prepared statement.

Other study results included:

  • 90 percent of tested devices collected at least one piece of personal information via the product itself, the cloud or its mobile application.

  • 80 percent of IoT devices tested, including their cloud and mobile components, failed to require passwords of sufficient complexity and length, and most devices allowed passwords such as “1234.”

  • 70 percent of IoT devices analyzed did not encrypt communications to the Internet and local network, while half of the devices’ mobile applications performed unencrypted communications to the cloud, Internet or local network.

  • 60 percent of devices did not use encryption when downloading software updates.

  • 60 percent of devices raised security concerns with their user interfaces.

“There are now more ways than ever for hackers to exploit connected devices, so it’s important that developers and manufacturers build security into these products from the beginning to disrupt the adversary and mitigate any risks,” Maria Bledsoe, senior manager of product marketing for HP Fortify Enterprise Security Products, told Talkin’ Cloud. “Device owners also need to be cautious in terms of the sensitive information they share with these devices and ensure that all private data is safely stored.”

Securing the Internet of Things
IoT will include 26 billion units by 2020, according to Gartner.

The research firm anticipates the market for IoT products and services will generate incremental revenue exceeding $300 billion over the next six years as well.

Gartner officials noted IoT, however, creates numerous challenges for enterprises.

“The enormous number of devices, coupled with the sheer volume, velocity and structure of IoT data, creates challenges, particularly in the areas of security, data, storage management, servers and the data center network, as real-time business processes are at stake,” Gartner Vice President Joe Skorupa said.

Skorupa said he believes data center managers “will need to deploy more forward-looking capacity management” with IoT devices. He also pointed out aggregating data via mini data centers could become a viable option for enterprises to secure their data.

“The recent trend to centralize applications to reduce costs and increase security is incompatible with the IoT. Organizations will be forced to aggregate data in multiple distributed mini data centers where initial processing can occur. Relevant data will then be forwarded to a central site for additional processing,” he said.

Bledsoe added she believes testing IoT devices is key for enterprises.

“Companies need to test their devices on a continuous basis to ensure that they catch vulnerabilities as early as possible. Security testing solutions … enable organizations to quickly analyze their applications, and [it] allows them enough time to appropriately react to any security concern before the issue gets too out of hand,” she said.

Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at [email protected].

About the Author(s)

Dan Kobialka

Contributing writer, Penton Technology

Dan Kobialka is a contributing writer for MSPmentor and Talkin' Cloud. In the past, he has produced content for numerous print and online publications, including the Boston Business Journal, Boston Herald and Patch.com. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State College (now Bridgewater State University). In his free time, Kobialka enjoys jogging, traveling, playing sports, touring breweries and watching football (Go Patriots!).  

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like