In a recent study, every connected home security system tested by HP contained significant vulnerabilities, including but not limited to password security, encryption, and authentication issues.
There's no excuse for not using, say, an SMS message to a cell phone as a 2 factor authentication. I'm a big fan of that.*
HP's Fortify on Demand security service assessed the top 10 home security devices – such as video cameras and motion detectors – along with their cloud and mobile application components. It uncovered vulnerabilities in all of them. None of the systems required the use of a strong password, for example, and 100 per cent of the systems failed to offer two-factor authentication.
Manufacturers are under pressure to release security systems that deliver remote monitoring capabilities. Ironically, however, the network connectivity and access that are necessary for remote monitoring mean the security risks associated with such systems are significantly greater than those associated with older, disconnected systems.
I guess it's too much to ask that manufacturers are under pressure to make their security system actually, you know, secure.
*If you use online banking, I strongly recommend you turn that feature on.
The best security system is a big scary dog.

The problem with 2 factor authentication and the rest is that they take out all the convenience that draws people to use these things.

I myself do not online bank or online bill pay. In fact, I still go in and talk to the teller.
And my home security system is comprised of stuff invented before 1900.
I only do online when I have to, and I do need to update HOW I'm doing it.

Every time I've been offered 2-factor authentication, it has taken me all of about 30 seconds to work out how the particular form would lock me out of my account.

My cellphone doesn't work in my house (too rural), my office (too subterranean), when we are visiting my wife's family (too CDMA for that country).
I'm well-aware of the weaknesses of the quasi-2factor used by my bank, but we only ever access that from the same secure computer.