Smart Home Kits Prove Easy To Hack
A study of the most popular app-controlled home devices suggests the majority of the products tested were vulnerable to hackers.
HP's Fortify security division reviewed ten pieces of internet-connected kit.
It said the majority of the apps did not require a password of sufficient complexity and length, and that most did not encrypt the data they transmitted.
HP did not name the manufacturers involved, but identified the ten types of net-connected products studied. They included a Smart TV, webcam, smart thermostat, a remote power outlet and bathroom scales, amongst others.
One of the biggest concerns was that eight of the surveyed devices did not require consumers to use hard-to-hack log-ins.
It stated that most devices allowed passwords as simple as '1234' or '123456' - which could then be used to access both the app and a website providing access to the owner's records.
The team also said, in addition to the lack of password security, the interfaces used by six devices' websites had other security flaws that could cause them to be compromised. They said in some cases, the hackers could exploit the password reset facility to determine which accounts were valid - allowing them to focus on follow-up attacks.
HP also said that seven of the devices failed to encrypt communications sent to the internet and/or local network.
The report from HP said: "With many devices collecting some form of personal information such as name, address, date of birth, health information and even credit card numbers, those concerns are multiplied when you add in cloud services and mobile applications that work alongside the device,"
"And with many devices transmitting this information unencrypted on your home network, users are one network misconfiguration away from exposing this data to the world via wireless networks.
"Do these devices really need to collect this personal information to function properly?"
Return to internet news headlines
View Internet News Archive