HP: ALL home security systems are easily hacked


The 2014 HP Internet of Things Research Study did an analysis of 10 common home security systems (which it does not name). The study notes, “In our ongoing research, we continued to see significant deficiencies in the areas of authentication and authorization along with insecure cloud and mobile interfaces.”

The study revealed:

  • All 10 of the systems were vulnerable to account harvesting via the cloud interface. That means attackers can keep guessing login credentials until they get them right, then log in to the web and mobile interfaces to learn when homeowners are away or home, or even watch video of the home.
  • All 10 of the systems allowed weak passwords; the study notes that “12345” was allowed to be used.
  • All 10 systems failed to implement account lockout defense.
  • 7 out of 10 systems had serious issues with their software updates.
  • 9 out of 10 systems lacked a two-factor authentication option.

“The biggest takeaway is the fact that we were able to brute force against all 10 systems, meaning they had the trifecta of fail (enumerable usernames, weak password policy, and no account lockout), meaning we could gather and watch home video remotely,” says the report.
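The three failures named in that quote each map to a server-side control. The following is an added example, not code from the HP study or from any of the tested systems: a minimal login service that rejects weak passwords, answers identically for unknown and known usernames, and locks an account after repeated failures. The thresholds, the denylist, and all names are assumptions chosen for illustration.

```python
import hashlib, hmac, os, time

MAX_FAILURES = 5          # assumed lockout threshold
LOCKOUT_SECONDS = 900     # assumed lockout window (15 minutes)
COMMON = {"12345", "123456", "password", "qwerty"}  # constructed sample denylist
GENERIC_ERROR = "invalid username or password"

def password_ok(pw):
    """Password policy: minimum length and not on the common-password list."""
    return len(pw) >= 12 and pw.lower() not in COMMON

def _hash(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

class AuthService:
    def __init__(self, clock=time.monotonic):
        self.users = {}      # username -> (salt, password hash)
        self.failures = {}   # username -> (failure count, locked_until)
        self.clock = clock
        self._dummy_salt = os.urandom(16)

    def register(self, user, pw):
        if not password_ok(pw):
            return False
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(pw, salt))
        return True

    def login(self, user, pw):
        now = self.clock()
        count, locked_until = self.failures.get(user, (0, 0.0))
        if now < locked_until:
            # Same message as a bad password: lockout state is not disclosed.
            return (False, GENERIC_ERROR)
        salt, stored = self.users.get(user, (self._dummy_salt, b""))
        # Hash even for unknown users so response time does not reveal existence.
        candidate = _hash(pw, salt)
        if user in self.users and hmac.compare_digest(candidate, stored):
            self.failures.pop(user, None)
            return (True, "ok")
        # Failures are counted for unknown usernames too, so both behave alike.
        count += 1
        locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self.failures[user] = (count, locked_until)
        return (False, GENERIC_ERROR)
```

In a production service the failure counters would live in shared storage with an expiry, and per-source rate limiting would sit alongside the per-account lockout.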

The report concludes, “We can expect to see more of the same across the IoT space precisely because of the complexity of merging network, application, mobile, and cloud components into one system.”
