Your home Internet of unsecured security things

For many consumers, Internet-enabled home security devices may be a tangible manifestation of the Internet of Things. However, they may not be very secure things.

A new report from Hewlett-Packard Co.’s HP Fortify business looked at 10 connected home security devices, as well as their cloud and mobile app components – checking in on your home from your smartphone is an oft-touted benefit of these systems. Connected security devices included door and window sensors, motion detectors, video cameras and recording mechanisms. And the results weren’t pretty.

“We continued to see significant deficiencies in the areas of authentication and authorization along with insecure cloud and mobile interfaces,” said the report. “It is of particular concern to see these deficiencies in systems where the primary function is security.”

Related News

CDN Top Newsmakers for 2014: Internet of Things

How the Internet of Things might save the PC

New types of partners for the Internet of Things

While a significant increase in the use of transport encryption such as SSL/TLS was noted, the report added the configuration and implementation weakened the security the encryption technology should normally provide.

Significant vulnerabilities were identified with each device tested, including enumerable usernames, weak password policy and no account lockout. None required a strong password, and just one offered two-factor authentication. Four of the seven systems with cameras allowed multiple people video access, exacerbating account harvest issues, and two allowed video to be streamed locally without authentication.

“Products, services, and ecosystems around Internet of Things will increasingly offer a wide range of benefits that will entice both consumers and businesses,” said the report. “This research does not aim to dampen that enthusiasm, but rather to inform users that these capabilities come with risks, and that it’s in everyone’s best interest to understand those risks before activating these systems.”

HP recommends consumers include security in their feature considerations when shopping for such products, avoid using system defaults for user names and passwords and instead choose good passwords when possible. Enterprises should implement a firewall between Internet of Things devices and the rest of the network, and configure supplemental security features that may not be enabled by default.

Author: Jeff Jedras

A veteran technology and business journalist, Jeff Jedras began his career in technology journalism in the late 1990s, covering the booming (and later busting) Ottawa technology sector for Silicon Valley North and the Ottawa Business Journal, as well as everything from municipal politics to real estate.He later covered the technology scene in Vancouver before joining IT World Canada in Toronto in 2005, covering enterprise IT for ComputerWorld Canada. He would go on to cover the channel as an assistant editor with CDN.His writing has appeared in the Vancouver Sun, the Ottawa Citizen and a wide range of industry trade publications.