Multiple recent reports on connected home security systems that suggests the emerging “smart home” trend could be putting consumers at higher security risks.
Last month HP released the “HP Fortify” report, which assessed 10 connected home security devices and their cloud and mobile app components, drew some alarming conclusions: none of the systems required the use of a strong password and all systems failed to offer two-factor authentication.
“All of the studied devices used in home security contained significant vulnerabilities,” the report warned, “including enumerable usernames, weak password policy and no account lockout … we continue to see significant deficiencies in the areas of authentication and authorization along with insecure cloud and mobile interfaces.”
Symantec analyzed 50 smart home devices available today and took a look at how they measure up when it comes to security, this week releasing the results of its research, and found “many of these devices and services have several basic security issues.”
- Weak authentication: “None of the devices used mutual authentication or enforced strong passwords. Even worse, some hindered the user from setting up a strong password on the cloud interface by restricting the authentication to a simple four-number PIN code.”
- Web vulnerabilities: In addition to weak authentication, many smart home web interfaces suffer from well-known web application vulnerabilities. A quick test with 15 IoT cloud interfaces revealed some severe vulnerabilities and this check only scratched the surface. One of the affected devices was a smart door lock, which could be opened remotely over the internet without even knowing the password.
- Local attacks: Attackers who have gained access to the home network, for example by breaking into a wifi network with weak encryption, have further attack vectors at their disposal. Stolen credentials can be used to execute commands and even take over the device completely by updating it with a malicious firmware update.
“Take a moment to think about how these conveniences may be exposing you and your home to cyberattacks,’ Symantec warns. “Demand better security from the manufacturers of your smart home and IoT devices−only then will things start to improve.”