Turns out, your deepest fears about our connected future are probably true—as long as it’s security that you're worried about, anyway.
A new report from HP shows just how vulnerable many of the most popular smart home products really are. The findings highlight to the often overlooked problem of security in the increasingly digitized modern home, and may even portend slow adoption rates for what many are calling the next technological revolution.
In the study, HP analyzed 10 of the most popular devices, including smart TVs, thermostats, remote power outlets, hubs, and alarm systems—all of which feature mobile apps for remote control.
Eighty percent of the examined products don't require complex (and therefore secure) passwords, including their cloud-based apps and components. Even more (90 percent) were found to collect at least one piece of personal information through the cloud. In all, the devices in the study averaged 25 vulnerabilities each.
The study found similar problems with encryption of transmitted data and security of software, hardware, and web interfaces. However, HP did not disclose which specific products it analyzed.
These problems are only likely to get worse, as Gartner predicts the number of “connected” devices in the so-called Internet of Things (IoT) will reach 26 billion by 2020. Cisco puts that number even higher. The issue, of course, is that many of these products will have access to sensitive personal data like social security numbers and banking information.
“As the number of connected IoT devices constantly increases, security concerns are also exponentially multiplied,” HP stated in its report. “A couple of security concerns on a single device such as a mobile phone can quickly turn to 50 or 60 concerns when considering multiple IoT devices in an interconnected home or business.”
HP recommends manufacturers of smart home devices perform routine security reviews and adopt uniform security standards. But the underlying problem is that many IoT hardware makers lack experience in software securitization.
“These devices will inevitably be abandoned by their manufacturers,” wrote Peter Bright for Ars Technica, “and the result will be lots of ‘smart’ functionality—fridges that know what we buy and when, TVs that know what shows we watch—all connected to the Internet 24/7, all completely insecure.”
But not all agree. Michela Menting, a senior cybersecurity analyst at ABI Research, explained to us in a February story that security demands will soar as more and more IoT products hit the market.
"The idea that we don’t need or don’t want something today doesn't mean we won't want it tomorrow," she said.