A recent study by networking giant Hewlett-Packard (HPQ) has revealed that some 70 percent of the most common Internet of Things (IoT) devices are plagued by security vulnerabilities, making those devices prime targets for hackers. With the expected massive growth of IoT devices, enterprise must take notice and implement pre-emptive security technologies to bring a modicum of protection to those devices. Here, solution providers can lend a hand, and prepare their customers with security products and policies to prevent IoT from opening networks to attack.

IoT devices can include most any technology, ranging from automobiles to toaster ovens and digital controls on assembly lines, and offer significant advantages for enterprises looking to maximize the potential offered by automation and predictive measurements. Therein lies the true problem: The data offered by IoT devices can have enormous value and can have a detrimental impact on businesses if compromised or corrupted.

Proceed with Caution

Identifying potential security faults with IoT devices should be job No. 1 when deploying those devices, yet that remains a significant challenge due to the number of zero-day vulnerabilities being found as new devices arrive on the market. HP’s study revealed that weaknesses associated with IoT devices include serious threats ranging from the “HeartBleed” bug to weak password policies to a lack of encryption technology.

Interestingly, many of those same vulnerabilities also are present in other technologies, including mobile devices, networking equipment and web applications—meaning IoT vendors have not learned from the mistakes of the past, which have been covered extensively by IT security groups and associations.

HP’s research targeted 10 of the most popular IoT devices, including webcams, TVs, thermostats, sprinkler controls, remote controlled power outlets and automated door locks. It found the majority of those devices raised security and privacy concerns, potentially allowing remote attackers to seize control of the devices or monitor activity without being detected.

HP’s researchers also discovered that some 90 percent of the devices collected at least one piece of personal information via the device or its associated cloud or mobile application. Privacy concerns were also identified by researchers when it was discovered that most devices, as well as their cloud and mobile applications, could allow an attacker to identify their accounts.

One of the biggest problems uncovered was that a majority of devices allowed the use of weak passwords (such as "1234") or poorly protected credentials, which makes it relatively easy for attackers to gain control.

What’s more, 70 percent of the tested devices lacked transport encryption, potentially allowing sensitive data being passed between the device, cloud and mobile application to be intercepted. A problem further complicated by the fact that 60 percent of the devices suffered from insecure software update procedures.

Not Ready for Prime Time

Although industry analysis firm Gartner predicts that by 2020, more than 26 billion items will be connected to IoT devices, one fact remains today: The majority of those devices may be susceptible to serious security issues, unless industry vendors start taking those security issues much more seriously. Nevertheless, IoT is here and growing rapidly and enterprise network managers must careful consider the implications those devices can have on network security, privacy and compliance. Simply put, the best stratigy may be one of wait and see and let others explore the bleeding edge of the technology, while learning from their mistakes.  

HP notes in its report that while the technology is catching on fast, it is still in its early stages, giving manufacturers an opportunity to tighten security standards before more adopters are put at risk. Solution providers need to investigate those security concerns, related security products and craft a plan on how to protect customers from IoT compromises, while deriving some ongoing revenue at the same time.