"Smart" Internet-connected home security systems are meant to protect consumers from intruders — but the top devices don't require even the bare minimum for password protection that we expect for our email and other web services, according to a new study from HP.
HP bought 10 home-monitoring devices like video cameras and alarm systems and tested them to see how easy they are to hack, Jason Schmitt, the vice president and general manager of HP's enterprise security products team, told NBC News. All 10 of the devices had "significant vulnerabilities" in the security of the device itself, HP said.
HP — which declined to name the products it tested — said the most basic of those security holes involved poor password practices. Some devices didn't require strong passwords, while all 10 of the products tested failed to lock the account after a certain number of failed password attempts. "These are things that a lot of web companies have perfected, but when you move to a different [space] that doesn't specialize in web security those practices just kind of drift away," Schmitt said.
— Julianne Pepitone