Seems to me, in future, when our phones are our life-remote-controls, we are going to need much better app security and IPv6 number-allocation systems than we have now. Ideally every electronic device in our future lives will have a unique IP address. So, maybe when we are born we should be allocated say ten thousand IPv6 addresses for use throughout our lifetimes for all of the many devices which will remotely control our environments. But, whatever .. it's obvious that systems for individual device security will need to be better sorted than they are now ... "Home appliances easily hackable: security study" By JOHN DAVIDSON http://www.afr.com/f/free/technology/digitallife/home_appliances_easily_hackable_8AQzd3vvghdBq2ovLhKnEL Seven of the ten most popular internet-connected household devices are easily hackable, averaging 25 security and privacy vulnerabilities each, according to a security outfit that says it tested them. Hewlett Packard’s security unit Fortify (which naturally wants to sell you some security) conducted a study on the so-called “Internet of Things” – common household objects such as TVs, home thermostats, remote power outlets, door locks and home alarms that have been hooked up to the internet and can be controlled by apps – and found them wanting. Common security problems found were: privacy concerns, insufficient authorisation, lack of data transport encryption, insecure web interfaces and inadequate software protection, HP said. “We bought them, shipped them to a lab, and beat up on them for around three weeks.” In that time the security researchers found 250 security flaws across the ten devices, which averages out at 25 per device. However, HP said that only seven of the ten contained “serious vulnerabilities”, so presumably three of them had fewer than that. HP’s not saying exactly which devices it tested, nor which ones failed the test, so we don’t know for instance whether Google’s Nest home thermostat, the most iconic device in the Internet of Things, passed the test or not. Could hackers break into it over the internet, and raise some household’ temperature to a balmy 23 degrees? Lord knows I’d like to do that with my mother’s thermostat, which she insists on keeping at 21 degrees. Brrrrr. If only it were on the web. “While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface,” Fortify vice president Mike Armistead said in a press release. “With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats.” Thankfully, many of the security issues in the IoT are “easily addressable”, HP says. Eight of the devices didn’t require strong passwords, for instance, which probably could be fixed with just a line or two of Javascript. Seven of the devices “did not encrypt communications to the internet and local network”, which shouldn’t be hard to remedy, either, given that most IoT devices are built on the Linux operating system, which comes with encryption modules. The Australian Financial Review --- Cheers, Stephen . _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
