The problem with this massive push to connect everything to each other and push that information to the internet is that no one appears to have thought about how to these devices secure. So how bad is the situation? Well according to an HP study as much as 70% of connected devices are vulnerable. Yup 70% of devices have at least one major flaw that allows them to be compromised. In some cases these devices have as many as 25 vulnerabilities in them.
This latter fact was true of most IP cameras and is not surprising based on the embedded web UI that most of them use. This webserver was found to be so insecure that almost anyone could get into hidden, yet not protected, areas that allow someone to view and even configure the device.
What makes this finding even more concerning is that the end user has no control over the way security is handled on most of these devices. Sure you can set up an admin password, but you cannot change permissions on the web server directories or change the Bluetooth connection code (in most cases). This leaves your device very susceptible to hacking and compromise.
It is a very concerning issue to have considering the explosion of devices that are hitting the market every day. These products are not just going into homes, but also into the hotels we visit. It has already been demonstrated that a hacker can compromise almost every system in a hotel room by exploiting the flaws in the way connected devices are made. Manufacturers have to change their mindset and put more effort into fundamental security and also allowing more customization to core security settings. If they do not things are only going to get worse…
Tell us what you think in our Forum