Hewlett Packard: All Home Security Systems Are Easily Hacked
Results from Hewlett Packard’s latest study reveal why security systems integrators need to stress upon customers the importance of creating a strong password for security systems.
The next time you sell a security system, especially one with mobile access, it’s vitally important to impress upon your customers to create a strong password that cannot be easily hacked.
Unfortunately, according to a new study by Hewlett Packard (HP), that is usually not the case.
The 2014 HP Internet of Things Research Study did an analysis of 10 common home security systems (which it does not name). The study notes, “In our ongoing research, we continued to see significant deficiencies in the areas of authentication and authorization along with insecure cloud and mobile interfaces.”
The study revealed:
- All 10 of the systems were vulnerable to account harvesting via the cloud interface. That means attackers are allowed to just continue to guess the login credentials until they get it right, and then log in to the web and mobile interfaces to know when homeowners are away or home, or even watch video of the home.
- All 10 of the systems allowed weak passwords, noting that “12345” was allowed to be use.
- All 10 systems failed to implement account lockout defense.
- 7 out of 10 systems had serious issues with their software updates.
- 9 out of 10 systems lacked a two-factor authentication option.
“The biggest takeaway is the fact that we were able to brute force against all 10 systems, meaning they had the trifecta of fail (enumerable usernames, weak password policy, and no account lockout), meaning we could gather and watch home video remotely,” says the report.
The report concludes, “We can expect to see more of the same across the IoT space precisely because of the complexity of merging network, application, mobile, and cloud components into one system.”
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!