More IoT device security woes in latest Bitdefender research

More IoT device security woes in latest Bitdefender research IoT News is a practical resource providing news, analysis and opinion on the burgeoning Internet of Things ecosystem, from standardisation, to business use cases, and development opportunities. We take the best research and put our own spin on it, report from the frontline of the industry, as well as feature contributions from companies at the heart of this revolution.


New research shows that the move to smart homes is actually putting householders at risk of privacy theft after the discovery that a number of commonly used Internet of Things (IoT) consumer devices are vulnerable to cyber attack.

The study, by security provider Bitdefender, showed that four products – the LIFX Bulb, MUZO Cobblestone audio receiver, LinkHub and WeMo switch were all susceptible to breaches.

How each device connected to the Internet and the cloud, as well as the communication between the device and its corresponding mobile application, were all studied by Bitdefender.

The first, a smart LED bulb LIFX Bulb, connects to a Wi-Fi network allowing users to control their lighting via a smartphone app. However Bitdefender found that by turning the device on and off five times the device could be reset and a new hotspot created. This would enable victims to be connected to a fake hotspot where they could inadvertently leak the username and password of their Wi-Fi network to possible attackers, allowing for further penetration.

The MUZO Cobblestone audio receiver, a Wi-Fi audio receiver that can be connected to home routers to allow music streaming from different devices can also be connected from remotely. An attempt at password hacking on the device found that the initial credentials were set to admin/ admin.

On the LinkHub, another smart lighting device, data was found to be sending without encryption meaning attackers were able to clearly see the username and password of a Wi-Fi network. And finally the WeMo switch, a Wi-Fi device that can switch plugged in devices on or off remotely also proved to be vulnerable to weak access point authentication.

Radu Basaraba, malware researcher at Bitdefender, said that more needs to be done to avoid such devices being overheard when communicating sensitive data: “IoT vendors need to prioritise security before their devices become hugely popular, leaving millions of people at risk from cyberattacks. The IoT opens a completely new dimension to security where the Internet meets the physical world. If projections of a hyper-connected world become reality and manufacturers don’t bake security into their products, consequences can becoming life-threatening,” he said. in hearing industry leaders discuss subjects like this and sharing their IoT use-cases? Attend the IoT Tech Expo World Series events with upcoming shows in Silicon Valley, London and Amsterdam to learn more.

The show is co-located with the AI & Big Data Expo, Cyber Security & Cloud Expo and Blockchain Expo so you can explore the entire ecosystem in one place.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *