If you jump on the home security band wagon and purchase an Internet of Things home security system to provide you and your family security, you may actually be less secure and more vulnerable that before you bought the system.
HP researchers tested ten of the newest connected home security systems and discovered that IoT connected security systems are full of security FAIL.
Connected home security systems are connected via the cloud to mobile devices or the web for remote monitoring, and come with a variety of features such as motion detectors, door and window sensors and video cameras with recording capabilities.
Although the intent of these systems is to provide security and remote monitoring to the home owner, the HP researchers found the vulnerabilities they discovered showed that others could be monitoring the home and not just the owner.
100% of the products allowed the use of weak passwords
100% lacked an account lockout mechanism that would prevent automation attacks
100% were vulnerable to account harvesting, which allows attackers to guess login credentials and gain access.
"If video streaming is available through a cloud based web or mobile application interface, then video can be viewed by an internet based attacker from hacked accounts anywhere in the world," said Daniel Miessler, HP researcher. "Unfortunately some parents only learn this lesson after their wireless baby monitor is hacked and the attacker talks to them or the baby." Owners of about 73,000 wireless cameras had a rude wake-up call when "insecurecam" aggregated security surveillance systems that are available on the web for all to view.
"It seems that every time we introduce a new space in IT we lose ten years from our collective security knowledge," said Miessler. "The Internet of Things is worse that just a new insecure space, it's a Frankenbeast of technology that links network, application, mobile, and cloud technologies together into a single ecosystem, and it unfortunately seems to be taking on the worst security characteristics of each. Securing the IoT will be our greatest challenge as an information community."
In other words, the IoT space is the new Wild West and home security systems are not nearly as secure as you may think.