Wednesday, February 11, 2015

Home security systems not so secure

This is my shocked face:
In a recent study, every connected home security system tested by HP contained significant vulnerabilities, including but not limited to password security, encryption, and authentication issues.

HP's Fortify on Demand security service assessed the top 10 home security devices – such as video cameras and motion detectors – along with their cloud and mobile application components. It uncovered vulnerabilities in all of them. None of the systems required the use of a strong password, for example, and 100 per cent of the systems failed to offer two-factor authentication.
There's no excuse for not using, say, an SMS message to a cell phone as 2-factor authentication. I'm a big fan of that.*
Manufacturers are under pressure to release security systems that deliver remote monitoring capabilities. Ironically, however, the network connectivity and access that are necessary for remote monitoring mean the security risks associated with such systems are significantly greater than those associated with older, disconnected systems.
I guess it's too much to ask that manufacturers are under pressure to make their security systems actually, you know, secure.

*If you use online banking, I strongly recommend you turn that feature on.


Tony Tsquared said...

The best security system is a big scary dog.

Jeffrey Smith said...

The problem with 2 factor authentication and the rest is that they take out all the convenience that draws people to use these things.
I myself do not online bank or online bill pay. In fact, I still go in and talk to the teller.
And my home security system is comprised of stuff invented before 1900.

Old NFO said...

I only do online when I have to, and I do need to update HOW I'm doing it.

Unknown said...

Every time I've been offered 2-factor authentication, it has taken me all of about 30 seconds to work out how the particular form would lock me out of my account.

My cellphone doesn't work in my house (too rural), my office (too subterranean), when we are visiting my wife's family (too CDMA for that country).

I'm well-aware of the weaknesses of the quasi-2factor used by my bank, but we only ever access that from the same secure computer.