
New Study Highlights Security Concerns For IOT Enabled Homes

Thursday, August 13th, 2015

The market for Internet of Things (IOT) enabled products is booming right now. These days customers can choose not only from smart security devices that ward off intruders and smoke detectors that detect devastating fires, but also from lighting devices that can be activated via smartphones, refrigerators that can tell if your food is about to go bad, smart thermostats that maintain optimum temperature at all times, and connected cars that can grab a variety of information from the internet.

However, in the mad rush to embrace IOT based products, security seems to have taken a backseat. Security experts have repeatedly warned that widespread adoption of such devices can lead to data theft and massive security breaches. These concerns were also recently highlighted by the security firm Symantec, which conducted a study to test the security of IOT based home devices.

To carry out the study, Symantec examined the security features of 50 different IOT products. The product lines analyzed in the study included energy management devices, smart thermostats, smoke detectors, hubs, smart locks and light bulbs. While the company did not analyze the security features of home safety, entertainment and networking products (including smart TVs, set-top boxes, surveillance cameras, security alarms, broadband routers and network attached storage (NAS) devices), it can be safely said that the study findings would be applicable to them as well.

Of the 50 products analyzed by Symantec, none used mutual authentication, enforced strong passwords or protected owners’ user accounts against brute-force attacks. What’s worse, the underlying technology used in the devices contained many common security loopholes, and 19 percent of the mobile apps used for controlling the devices did not use SSL (Secure Sockets Layer) to encrypt user data. The puzzling thing is that the vulnerabilities discovered in the devices were already known to the vendors, yet there has been no effort on their part to plug the security loopholes.

Other security vulnerabilities unearthed in the study included some devices not enforcing or offering the choice of strong passwords; many cloud-based IOT interfaces not supporting two-factor authentication; devices lacking lockout or delay features to protect user accounts; and IOT services not offering signed or encrypted firmware updates. The study also found some serious security issues, including unauthorized access to underlying systems, SQL injection, remote code execution and remote file inclusion (RFI), in the web portals used to control IOT products. And since many IOT based products are Wi-Fi compatible, they are vulnerable to attacks that rely on weak security of wireless networks.

While there is no evidence that IOT based home devices have been targeted by hackers, the findings of the study are indeed worrying. Considering that there will be millions of IOT based devices in the near future, it wouldn’t be an exaggeration to say that we are sitting on a time bomb that could go off at any time. Symantec recommends using strong passwords, using IOT based home devices on a separate home network and even disabling them when not needed as well as researching the security features available with the devices in order to stay safe from cyber-attacks that specifically target smart devices.

