“HP Fortify on Demand is pleased to announce the release of its Internet of Things State of the Union Study, revealing 70 percent of the most commonly used Internet of Things (IoT) devices contain serious vulnerabilities.
Why we did the study – Late last year, we were hearing a lot about Internet of Things, and a bit about IoT security, but had not seen anything that focused on the complete picture of IoT security, i.e. all the various surface areas that represent the IoT ecosystem. So, we decided to start the OWASP Internet of Things Top 10 Project, which aims to educate on the main facets of Internet of Things Security that people should be concerned with. Then earlier this year, we decided to use that project as a baseline for testing the top 10 IoT devices being used today. We bought them, shipped them to Craig Smith’s home lab, and beat up on them for around three weeks.
What we found – On average, 25 vulnerabilities were found per device, totaling 250 vulnerabilities. Highlights include:
- Privacy concerns
- Insufficient authorization
- Lack of transport encryption
- Insecure web interface
- Inadequate software protection”