The surge of Web-connected devices—TVs, refrigerators, thermostats, door locks and more—has opened up huge opportunities for cyberattacks because of weak security, researchers said Tuesday. The study conducted by Hewlett-Packard security unit Fortify said eight of 10 devices tests leaked private information that could include the user’s name, email address, home address, date of birth, credit card or health information. Some 70 per cent of the devices analysed failed to use encryption for communicating with the Internet and local network, another weakness that makes for easy outside access.
With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats.
Mike Armistead, vice president and general manager for Fortify’s enterprise security
The study comes amid recent security warnings about hacking of medical devices, cars, televisions and even toilets that have an Internet connection. The researcher scanned the most popular devices and their cloud components, and found on average 25 vulnerabilities per device. These products included TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.