The good news: in the not to distant future, consumers will be able to run the dishwasher, turn on the light and lock the doors remotely with the tap of a button from a smart phone. The bad news: in the not too distant future, cybercrimals will have all the same abilities.
An analysis of the top 10 “internet things” by Hewlitt-Packard turned up 250 potential security flaws—for an average of 25 per device.
“For a hacker, that’s a pretty big new target to attack,” noted VP and general manager of HP’s Fortify unit Mike Armistead, reported ReCode.
Particularly pretty because while most people at this point know that they need to secure their smartphone or computer, the mental adjustment to securing ones toaster against cybercriminals has yet to fully set in. This is akin to the security problems that IT faced when printers and scanners became smart and network-attached. All of a sudden, a smart printer with an IP address and no firewall became every cyberthief’s favorite backdoor into a corporate network. You know how hard it is to get approval for a firewall for a printer?
According to HP’s study, eight devices failed devices failed to required a better password than “1-2-3-4”, six devices were vulnerable to cross-scripting attacks and seven used no encryption when communicating with the internet. Most disturbing, six devices didn’t encrypt software updates during download. In practicality this means that hacker could design a downloadable package that looked legit but would have no purpose other than to hijack and reprogram whatever device it was added to.
Of the devices, 90 percent collected personal information
Most of the devices often run stripped-down versions of the Linux operating system and thus has all standard Linux concerned. Programmers, however, are seemingly less concerned about securing them the way they would a personal computer, creating what is apparently going to be an easy opening for hackers.