July 29, 2014, 5:49 AM PDT By Arik Hesseldahl
Excited about the promise of the shiny new Internet of Things? Good. Because hackers are too. Or at least they should be, according to a study by computing giant Hewlett-Packard.
The company’s Fortinet network security unit conducted an analysis of the 10 most popular consumer Internet things on the market and found 250 different security vulnerabilities per product for an average of 25 each. Unfortunately HP doesn’t identify each product but does describe them in broad brush-strokes: They were from the manufacturers of “TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.”
As a basic rule, these devices often run stripped down versions of the Linux operating system, and so will have many of the same basic security concerns that you might expect to be in place on a server or other computer running Linux. The problem is, the people building them aren’t going to the effort to secure them the way they would a more traditional computer.
What’s happening says Mike Armistead, VP and general manager of HP’s Fortify unit, is that manufacturers are rushing to get their products on the market without doing the harder work of locking their devices down against the most basic kinds of attacks.
Magnifying the potential for the problem is the fact that once one device is compromised, overlapping vulnerabilities can lead an attack from one to the other. If that seems like alarmist paranoia, remember that one of the most damaging hacking attacks in history, the Target breach, in which information on more than 70 million people was compromised, was carried out by way of an attack on a system used to manage and maintain the heating and ventilation system in the company’s stores.
Read the full article on RE/CODE