Symantec, Insecurity in the Internet of Things (IoT) (Mar. 12, 2015) (full-text).
Symantec analyzed 50 smart home devices that are available today and found that none of the devices enforced strong passwords, used mutual authentication, or protected accounts against brute-force attacks. Almost 2 out of 10 of the mobile apps used to control the tested IoT devices did not use Secure Sockets Layer (SSL) to encrypt communications to the cloud. The tested IoT technology also contained many common vulnerabilities.