• Cryptocurrency
  • Earnings
  • Enterprise
  • About TechBooky
  • Submit Article
  • Advertise Here
  • Contact Us
TechBooky
  • African
  • AI
  • Metaverse
  • Gadgets
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
  • African
  • AI
  • Metaverse
  • Gadgets
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
TechBooky
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Home General Gaming

HP study: 250 security flaws found in just 10 of the most popular smart home devices

Paul Balo by Paul Balo
August 2, 2014
in Gaming, Research/How to do it, Security, Service news, Software
Share on FacebookShare on Twitter

Excited about the promise of the shiny new Internet of Things? Good. Because hackers are too. Or at least they should be, according to a study by computing giant Hewlett-Packard.

The company’s Fortify application security unit conducted an analysis of the 10 most popular consumer Internet things on the market and found 250 different security vulnerabilities in the products, for an average of 25 faults each. Unfortunately, HP doesn’t identify each product but does describe them in broad brushstrokes: They were from the manufacturers of “TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.”

As a basic rule, these devices often run stripped-down versions of the Linux operating system, and so will have many of the same basic security concerns that you might expect to be in place on a server or other computer running Linux. The problem is, the people building them aren’t going to the effort to secure them the way they would a more traditional computer.

What’s happening, says Mike Armistead, VP and general manager of HP’s Fortify unit, is that manufacturers are rushing to get their products on the market without doing the harder work of locking their devices down against the most basic kinds of attacks.

Magnifying the potential for the problem is the fact that once one device is compromised, overlapping vulnerabilities can lead an attack from one to the other. If that seems like alarmist paranoia, remember that one of the most damaging hacking attacks in history, the Target breach, in which information on more than 70 million people was compromised, was carried out by way of an attack on a system used to manage and maintain the heating and ventilation system in the company’s stores.

Eight devices failed to require passwords stronger than “1234” either on the device itself or on a corresponding website.
Seven of the devices tested do no encryption when communicating with the Internet or a local network, meaning whatever data they’re sending is going out, sensitive or not, “in the clear.”
Six devices had weak security on their interfaces, were vulnerable to persistent cross-site scripting attacks, had weak default sign-in credentials, or transmitted sign-in credentials like passwords “in the clear.” (See the bit about encryption above.)
Six devices didn’t encrypt software updates during the download. That’s especially alarming because bad guys could create a software update that looks legit and basically reprogram the device to do whatever they want it to. Consider what that means when a Webcam or a garage door opener are connected to the Internet and then use your imagination.
Take all the above into consideration, and then add this: Nine of the 10 devices collected at least some kind of personal information: An email address, a home address, a name or date of birth.
To conduct the study, researchers at HP’s Fortify did what they do all the time: They subjected the devices to the company’s Fortify on Demand service, which basically tests software for known and potential security problems.

So how big will the Internet of Things be? One educated guess by the research firm Gartner says it could swell to include 26 billion individual devices by 2020.

As Armistead put it: “For a hacker, that’s a pretty big new target to attack.”

Consider yourself warned.

source: Arik Hesseldahl/Recode, Techmeme

Related Posts:

  • White House Announces New Labelling For Reputable IT Gadgets
    White House Announces New Labelling For Reputable IT Gadgets
  • facts-about-safari-web-browser
    Safari Becomes The Second Browser To Hit One Billion…
  • assets_task_01jsp4kgarepk94repqb92cvgn_1745573577_img_0
    The Smart Home Rebellion
  • google-intel-confidential-computing-more-s.max-2000×2000
    Google Cloud Reported More Than 10 Bugs On Intel’s…
  • New-lock-tech-security-303570139
    Open Source Security Needs Automation As Usage Increases
  • 1200x675_cmsv2_5b73bfac-4817-58b5-a7aa-bc44740daa54-9020980
    DeepSeek AI Soars in Popularity, but Privacy Flaws…
  • prisoner
    Tech Advances Help Analysts Solve More Cases
  • Small-Business-Scale-In-Nigeria
    Small Businesses In Nigeria Are Still In Danger,…

Discover more from TechBooky

Subscribe to get the latest posts sent to your email.

Tags: cyber fraud
Paul Balo

Paul Balo

Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.

BROWSE BY CATEGORIES

Receive top tech news directly in your inbox

subscription from
Loading

Freshly Squeezed

  • Future Telecom Trends Are Being Shaped by the AI–5G Convergence May 24, 2025
  • WhatsApp Adds Encrypted Voice Chat to All Groups May 24, 2025
  • DOJ Reportedly Investigates Google’s Character.AI Partnership May 23, 2025
  • Sony Organises A PlayStation Event for June; A State of Play May 23, 2025
  • Microsoft’s New AI features in Notepad, Paint, & Snipping Tool Test Trials May 23, 2025
  • Bluesky Starts Confirming “Notable” Users May 23, 2025

Browse Archives

May 2025
MTWTFSS
 1234
567891011
12131415161718
19202122232425
262728293031 
« Apr    

Quick Links

  • About TechBooky
  • Advertise Here
  • Contact us
  • Submit Article
  • Privacy Policy

Recent News

Future Telecom Trends Are Being Shaped by the AI–5G Convergence

Future Telecom Trends Are Being Shaped by the AI–5G Convergence

May 24, 2025
WhatsApp Adds Encrypted Voice Chat to All Groups

WhatsApp Adds Encrypted Voice Chat to All Groups

May 24, 2025
DOJ Reportedly Investigates Google’s Character.AI Partnership

DOJ Reportedly Investigates Google’s Character.AI Partnership

May 23, 2025
Sony Organises A PlayStation Event for June; A State of Play

Sony Organises A PlayStation Event for June; A State of Play

May 23, 2025
Microsoft’s New AI features in Notepad, Paint, & Snipping Tool Test Trials

Microsoft’s New AI features in Notepad, Paint, & Snipping Tool Test Trials

May 23, 2025
Bluesky Starts Confirming “Notable” Users

Bluesky Starts Confirming “Notable” Users

May 23, 2025
  • Login

© 2021 Design By Tech Booky Elite

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
  • African
  • Artificial Intelligence
  • Gadgets
  • Metaverse
  • Tips
  • About TechBooky
  • Advertise Here
  • Submit Article
  • Contact us

© 2021 Design By Tech Booky Elite

Discover more from TechBooky

Subscribe now to keep reading and get access to the full archive.

Continue reading

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok