In many ways, mobile device security is an oxymoron in its current state. In fact, if you're using an Internet of Things-type device, chances are it has an average of 25 hidden vulnerabilities, according to new research, making it a ripe target for hackers.

 

That's according to a new HP-led study that sheds light on the alarming number of connected devices with serious security weak spots. As the data reveals, a whopping 70 percent of all commonly used mobile devices and apps have these vulnerabilities. 

 

In the study, HP researchers scanned 10 of the most common IoT devices, identifying 250 total security concerns. And although the devices tested included products from TV, webcam, remote power outlets and home alarm manufacturers, unprotected health data contained on apps was a concern.

 

[See also: Hacker calls health security 'Wild West'.]

 

These vulnerabilities essentially render consumer health information unprotected and available for the taking, officials pointed out. The numbers are significant.

 

Currently, there are more than 100,000 health-related apps just available via smartphones. As consumers use more and more mobile health apps to store certain medical data, they're still, for the most part, unaware that security is lacking. Many of these devices, for instance, are transmitting the unencrypted data over the consumer's network. "Users are one network misconfiguration away from exposing this data to the world via wireless networks," HP officials wrote in the study. 

 

And in the healthcare space -- or anywhere, really -- that's bad news. 

 

Recalling his conversations with one particular medical app developer, Kevin Johnson, chief executive officer of network security consulting firm Secure Ideas, said it proved altogether alarming to hear what they considered security. 

 

Keep in mind, said Johnson, this is an app used by major medical hospitals, with big insurance companies recommending it to doctors. 

 

The developer described the security of the app, Base 64 encryption -- something that doesn't quite actually exist.

"Base 64 is not an encryption mechanism; it's an encoding mechanism," said Johnson. "That's like saying because I spoke in French and you don't understand French, it's secure." 

 

Because of this, and other apps and third-party vendors out there, Johnson recommends healthcare organizations verify vendors' security and make it part of their contract. 

 

Internet of Things devices also were found to have insufficient authorization, HP officials pointed out, with some 80 percent of IoT devices failing to require sufficient passwords. 

 

"While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface," said Mike Armistead, vice president and general manager, Fortify, Enterprise Security Products, HP, in a July 29 press statement. "With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats."

 

Other report findings included: