The Internet of Things — Internet-connected appliances such as thermostats and refrigerators — might be the future of home automation. But a new report suggests their security isn’t as cutting-edge.
Hewlett-Packard’s security division ran a suite of tests against 10 of the most common smart home devices.
And the probe came up with a list of 250 vulnerabilities — an average of 25 per device — that plagued everything from garage door openers and thermostats to webcams and remote power outlets.
Gizmodo says “of the 10 devices tested, seven sent all data (including personal identifying info) to the web completely un-encrypted, while six transmitted password info unencrypted.”
The problem, says Re/code, is these are effectively tiny computers — even with stripped-down operating systems they’re still connecting to the Internet. And “the people building them aren’t going to the effort to secure them the way they would a more traditional computer.”
“As we connect the washing machine, as we connect the refrigerator; as your car now talks to Facebook, are we ready for this kind of interaction? Is the security in place?”
Security strategist Hugh Thompson told the BBC the market is moving very quickly — faster, Silicon Angle suggests, than safety measures can keep up.
“Competition demands that hardware manufacturers get their products to market quickly — a fact that tends to make security an afterthought.”
That can result in headlines like this one: Quartz reports earlier this year researchers detailed an e-mail spam ring that was using smart devices, including at least one networked refrigerator, to crank out messages.
HP’s report urges manufacturers to proactively hunt vulnerabilities and install basic security measures before smart devices make it to market.