More IoT device security woes in latest Bitdefender research
New research shows that the move to smart homes is actually putting householders at risk of privacy theft after the discovery that a number of commonly used Internet of Things (IoT) consumer devices are vulnerable to cyber attack.
The study, by security provider Bitdefender, showed that four products – the LIFX Bulb, MUZO Cobblestone audio receiver, LinkHub and WeMo switch were all susceptible to breaches.
How each device connected to the Internet and the cloud, as well as the communication between the device and its corresponding mobile application, were all studied by Bitdefender.
The first, a smart LED bulb LIFX Bulb, connects to a Wi-Fi network allowing users to control their lighting via a smartphone app. However Bitdefender found that by turning the device on and off five times the device could be reset and a new hotspot created. This would enable victims to be connected to a fake hotspot where they could inadvertently leak the username and password of their Wi-Fi network to possible attackers, allowing for further penetration.
The MUZO Cobblestone audio receiver, a Wi-Fi audio receiver that can be connected to home routers to allow music streaming from different devices can also be connected from remotely. An attempt at password hacking on the device found that the initial credentials were set to admin/ admin.
On the LinkHub, another smart lighting device, data was found to be sending without encryption meaning attackers were able to clearly see the username and password of a Wi-Fi network. And finally the WeMo switch, a Wi-Fi device that can switch plugged in devices on or off remotely also proved to be vulnerable to weak access point authentication.
Radu Basaraba, malware researcher at Bitdefender, said that more needs to be done to avoid such devices being overheard when communicating sensitive data: “IoT vendors need to prioritise security before their devices become hugely popular, leaving millions of people at risk from cyberattacks. The IoT opens a completely new dimension to security where the Internet meets the physical world. If projections of a hyper-connected world become reality and manufacturers don’t bake security into their products, consequences can becoming life-threatening,” he said.
Interested in hearing industry leaders discuss subjects like this and sharing their IoT use-cases? Attend the IoT Tech Expo World Series events with upcoming shows in Silicon Valley, London and Amsterdam to learn more.
- » Securing IoT applications for the next era of industry: An important challenge – and opportunity
- » The time is now: How to manufacture your smart factory with Industrial IoT
- » New research shows how easily LoRaWAN smart devices networks can be hacked
- » Opinion: Data isn’t the new oil – with IoT, it will be much bigger
- » Toyota invests $400m in Pony.ai with latest driverless tech bet