HP’s latest research warns that the increase of IoT (Internet of Things) devices have created new attack vector for hackers.
Stating that IoT devices are poised to become more pervasive in our lives than mobile phones, HP has found that 90 per cent of these devices collect at least one piece of personal information.
That stat alone may not be much of a surprise, but coupled with the news that HP found that 80 per cent of devices raised privacy concerns, and 80 per cent also failed to require passwords of sufficient complexity and length, and the news starts to become a little worrying.
"Suddenly, everything from refrigerators to sprinkler systems are wired and interconnected, and while these devices have made life easier, they’ve also created new attack vectors for hackers," reads the report.
60 per cent of the devices tested displayed issues including no encryption when downloading updates, with update files themselves not being protected. HP found that some downloads were intercepted, extracted and mounted as a file system in Linux where software could be viewed or modified.
There were also concerns with many of the devices’ web interfaces.
“These concerns were issues such as persistent cross-site scripting, poor session management and weak default credentials,” explained the report.
“We identified a majority of devices along with their cloud and mobile counterparts that enable an attacker to determine valid user accounts using mechanisms such as the password reset features. These issues are of particular concern for devices that offer access to devices and data via a cloud website.”
While we are still in the early stages of the smart device revolution, Gartner predicts that IoT will be made up of 26 billion units by 2020.