The study looked at 10 kinds of Internet of Things gadgets, such as smart TVs, webcams and thermostats, and found 70% of all Internet of Things devices are hackable.
It found there was average of 25 different vulnerable points in each device, meaning 250 vulnerabilities across just 10 devices. That's a lot of legroom for hackers to move, and may point to a potential future in which people's entire homes can be hacked.
The problems involved things like password strength, encryption software and a general lack of security checks for using the devices.
HP said in a statement: “Late last year, we were hearing a lot about Internet of Things, and a bit about IoT security, but had not seen anything that focused on the complete picture of IoT security, i.e. all the various surface areas that represent the IoT ecosystem. So, we decided to start the OWASP Internet of Things Top 10 Project, which aims to educate on the main facets of Internet of Things Security that people should be concerned with.
“Then earlier this year, we decided to use that project as a baseline for testing the top 10 IoT devices being used today. We bought them, shipped them to Craig Smith's home lab, and beat up on them for around three weeks.”
The biggest areas of wekness were:
- Privacy concerns
- Insufficient authorization
- Lack of transport encryption
- Insecure web interface
- Inadequate software protection
That's not all. According to a recent Pew report, almost everything will be connected by the Internet of Things in the next twenty years or so, meaning locking down these devices and putting a focus on security should be a priority for both homes and businesses.
"As the number of connected IoT devices constantly increases, security concerns are also exponentially multiplied," the Pew report states.
"A couple of security concerns on a single device such as a mobile phone can quickly turn to 50 or 60 concerns when considering multiple IoT devices in an interconnected home or business. In light of the importance of what IoT devices have access to, it’s important to understand their security risk."
Tech news source Re/Code says the problem lies in the fact each of the devices are essentially tiny computers, and “the people building them aren’t going to the effort to secure them the way they would a more traditional computer.”
“As we connect the washing machine, as we connect the refrigerator; as your car now talks to Facebook, are we ready for this kind of interaction? Is the security in place?”
"A world of interconnected “smart” devices is here, albeit in the early stages," the report concludes.
"By 2020, Gartner predicts, the Internet of Things will be made up of 26 billion “units”. Fortunately, there’s still time to secure devices before consumers are at risk."