Hewlett Packard: All Home Security Systems Are Easily Hacked

Results from Hewlett Packard’s latest study reveal why security systems integrators need to stress upon customers the importance of creating a strong password for security systems.

The next time you sell a security system, especially one with mobile access, it’s vitally important to impress upon your customers to create a strong password that cannot be easily hacked.

Unfortunately, according to a new study by Hewlett Packard (HP), that is usually not the case.

The 2014 HP Internet of Things Research Study did an analysis of 10 common home security systems (which it does not name). The study notes, “In our ongoing research, we continued to see significant deficiencies in the areas of authentication and authorization along with insecure cloud and mobile interfaces.”

RELATED: Suit Alleges ADT’s Wireless Systems Are ‘Easily Hacked’

The study revealed:

  • All 10 of the systems were vulnerable to account harvesting via the cloud interface. That means attackers are allowed to just continue to guess the login credentials until they get it right, and then log in to the web and mobile interfaces to know when homeowners are away or home, or even watch video of the home.
  • All 10 of the systems allowed weak passwords, noting that “12345” was allowed to be use.
  • All 10 systems failed to implement account lockout defense.
  • 7 out of 10 systems had serious issues with their software updates.
  • 9 out of 10 systems lacked a two-factor authentication option.

“The biggest takeaway is the fact that we were able to brute force against all 10 systems, meaning they had the trifecta of fail (enumerable usernames, weak password policy, and no account lockout), meaning we could gather and watch home video remotely,” says the report.

RELATED: How Intruders Can Disable Home Security Systems

The report concludes, “We can expect to see more of the same across the IoT space precisely because of the complexity of merging network, application, mobile, and cloud components into one system.”

Click here to view the infographic.

 

About the Author

Contact:

Jason Knott is Chief Content Officer for Emerald Expositions Connected Brands. Jason has covered low-voltage electronics as an editor since 1990, serving as editor and publisher of Security Sales & Integration. He joined CE Pro in 2000 and serves as Editor-in-Chief of that brand. He served as chairman of the Security Industry Association’s Education Committee from 2000-2004 and sat on the board of that association from 1998-2002. He is also a former board member of the Alarm Industry Research and Educational Foundation. He has been a member of the CEDIA Business Working Group since 2010. Jason graduated from the University of Southern California. Have a suggestion or a topic you want to read more about? Email Jason at jason.knott@emeraldexpo.com

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.

A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!

Subscribe Today!

Get Our Newsletters