>> HP FORTIFY - 100% OF 10 HOME SECURITY SYSTEMS VULNERABLE

I learnt early on statistics are only meaningful based on how they are presented in context.

In a follow up to the 2014 IoT research study; HP has released a new report studying security of ten of the latest home monitoring systems with some warnings for both consumer and enterprises included in the results being published as part of the study - what implications do they raise?

The results are not saying all the home monitoring solutions have no security at all but instead highlight a number of design failures that within the solutions that make them vulnerable to attack. Specifically around authentication and authorization issues regarding mobile and cloud services.

A key list of the design failures that all exhibited include:

• allowed the use of weak passwords
• lacked an account lockout mechanism (authentication failures)
• were vulnerable to account harvesting, credentials guessing

All of which in an ideal world make sense to include as part of a systems design; however - these do not make the systems vulnerable out of the box. It does however make sense to have strong passwords to avoid brute force attacks and incorporate a lockout mechanism after multiple failures.

Unfortunately this report does smell like advertising for HP and not offer more than was in the previous report they published. It could be good for those trying to establish best practices to look at some of the recommendations however - sharing knowledge is key; than ignoring it.