An examination of a number of mobile apps to control smart home devices has discovered that the security in place is not good enough to prevent hackers from taking control.
According to research carried out by IT security firm Pradeo Security Systems, 80% of tested applications carry vulnerabilities, with an average of 15 per application. Moreover, 15% of them can lead to a man-in-the-middle attack. Researchers said this was of particular concern as this can lead to an object takeover by a cybercriminal.
The researchers looked at 100 IoT mobile applications (thermostat, electrical blinds, remote control, baby phone) available on Google Play and App Store.
The researchers said that while official stores applications rarely include a malware but they are not necessarily safe. They added that apps analysed by the company are sending the data they handle to 17 servers in average, and 8% of them are transmitting the information to uncertified servers.
"Among these, some have expired and are available for sale. Anyone buying them could access all the data they receive," said Vivian Raoul, CTO of Pradeo Security Systems.
The research also found that 90% of applications leak the data they manipulate. Among these are application file content (81%), hardware information (device manufacturer, commercial name, battery status) (73%), device information (OS version number) (73%).
Raoul said that his firm has notified the IoT device manufacturers about the security problems they are exposed to.
While the number of smart home apps and devices are expanding with more developers getting in on the action, there's clearly a need for security to be seriously considered, otherwise homes and offices could end up with a deluge of potential vulnerabilities on their networks.
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Google Home vs Amazon Echo vs Apple HomePod vs Samsung Galaxy Home: Alexa skills blueprints now available to UK usersVs Amazon make 22 templates available for custom skills
-
Searching for IoT devices that look great? We have the answerReviews There's no point in getting rid of wires to replace them with something ugly
-
How Google Home and Amazon Echo will convince people smart homes aren't uselessAnalysis IoT industry figures believe that people are not yet ready for a connected life
