1. Privacy Concerns: 90 percent of devices collected at least one piece of personal information via the device, the cloud or the device’s mobile application. The vast majority of devices collecting information like name, address, date of birth or even health and credit card information. Even worse is the fact that many devices transmit this information across networks without encryption. If users misconfigure their home network, then they are only one step away from exposing this data through wireless networks. Cloud services, which many of these devices use, are also extremely vulnerable. However, it is likely that the majority of these devices actually need personal information to function.
2. Insufficient Authentication/Authorization: 80 percent failed to require passwords of sufficient complexity and length. A huge number of users and devices rely on weak and simple passwords and authorizations. Citing examples of this, HP found that many devices and their cloud components accepted passwords like “1234” or “123456”. Many users that configured accounts with weak passwords also used the same password in the cloud for cloud products. HP points out that a strong
password policy is basic security, but even still most solutions failed.
3. Transport Encryption: 70 percent of devices used unencrypted network services. Transport encryption is where information that is being transferred from one device to another device is encrypted from the outset of any communication. Transport encryption will be crucial given that most of the devices are transmitting data that most people would consider crucial. However, most devices surveyed failed to encrypt data, even when the devices were using the Internet. HP noted that the need for encryption is particularly strong given the amount of information that is being passed between the device, the cloud and mobile applications.
4. Web Interface: 60 percent raised security concerns with their user interfaces. These issues included:
persistent cross-site scripting, poor session management and weak default credentials. From this, hackers were able to identify valid user accounts and take them over using things like password reset features.
5. Insecure Software: 60 percent did not use encryption when downloading software updates. Given the number of software updates that will be required to make everything work together, HP says that it was “alarming” to find that so little of this software was encrypted during downloads. Even worse, some of the downloads that were tested could be intercepted and uploaded into a file system in Linux where the software could be seen or even modified.
Meghna Thapar 4 years, 2 months ago
1. Privacy Concerns: 90 percent of devices collected at least one piece of personal information via the device, the cloud or the device’s mobile application. The vast majority of devices collecting information like name, address, date of birth or even health and credit card information. Even worse is the fact that many devices transmit this information across networks without encryption. If users misconfigure their home network, then they are only one step away from exposing this data through wireless networks. Cloud services, which many of these devices use, are also extremely vulnerable. However, it is likely that the majority of these devices actually need personal information to function.
2. Insufficient Authentication/Authorization: 80 percent failed to require passwords of sufficient complexity and length. A huge number of users and devices rely on weak and simple passwords and authorizations. Citing examples of this, HP found that many devices and their cloud components accepted passwords like “1234” or “123456”. Many users that configured accounts with weak passwords also used the same password in the cloud for cloud products. HP points out that a strong
password policy is basic security, but even still most solutions failed.
3. Transport Encryption: 70 percent of devices used unencrypted network services. Transport encryption is where information that is being transferred from one device to another device is encrypted from the outset of any communication. Transport encryption will be crucial given that most of the devices are transmitting data that most people would consider crucial. However, most devices surveyed failed to encrypt data, even when the devices were using the Internet. HP noted that the need for encryption is particularly strong given the amount of information that is being passed between the device, the cloud and mobile applications.
4. Web Interface: 60 percent raised security concerns with their user interfaces. These issues included:
persistent cross-site scripting, poor session management and weak default credentials. From this, hackers were able to identify valid user accounts and take them over using things like password reset features.
5. Insecure Software: 60 percent did not use encryption when downloading software updates. Given the number of software updates that will be required to make everything work together, HP says that it was “alarming” to find that so little of this software was encrypted during downloads. Even worse, some of the downloads that were tested could be intercepted and uploaded into a file system in Linux where the software could be seen or even modified.
0Thank You