Smart-home devices riddled with security flaws, HP study finds

Smart-home devices riddled with security flaws, HP study finds

ControllerThe increasingly sophisticated and powerful security systems emerging from the connected universe present a double-edged sword for the smart home, according to a new study from Hewlett-Packard on the risks of the technology. The results are alarming, to say the least.

The hardware giant unleashed its cloud-based vulnerability testing service on 10 of the most popular connected appliances in the home security category, as well as the respective web-based and mobile companion applications, and found that every single one suffers from serious security flaws. The report reveals that the most common issue is the lack of two-factor authentication, which is what allowed hackers to infiltrate JPMorgan Chase & Co.’s network using the stolen credentials of an unsuspecting administrator.

For users of the vulnerable security systems, that means malicious parties only need to obtain their log-in details in order to compromise their accounts and potentially exploit that access to snoop on their households. But that’s only the start of the problems with the appliances. HP also found that none of the manufacturers whose devices were surveyed curtailed the number of failed log-in attempts, which opens the door for brute-force attacks.

And it doesn’t end there. Not hardly. None of the systems with cloud and mobile interfaces that the company surveyed required the use of strong passwords with more than six characters, while half expose users to the risk of account harvesting through their companion apps.

On the plus side, every device in the study implemented some sort of encryption to protect the flow of information through the network, but many connections are still vulnerable to exploits such POODLE despite the availability of patches. That’s a challenge that extends far beyond the home protection category to the broader connected universe, to the point that the likes of Google are actively working to address it, but progress has been slow.

The lackluster defenses of home security appliances is a symptom of a much broader problem that will worsen before it becomes better as manufacturers continue the rush to digitize their analog products. The impact that ubiquitous connectivity is set to have on our everyday lives means that standards are bound to emerge eventually, but until then, it’s up to the individual consumer to ensure that they’re not putting their privacy at unnecessary risk.