Smart home device vendors know their products are not secure: Symantec

Not only are smart home devices not secure, but device manufacturers are not doing anything about it, according to Symantec.

In a recent white paper published by the security vendor, the company described that an analysis of 50 smart home devices found that none of them used mutual authentication, enforced strong passwords or protected against brute-force attacks, while more than one in five devices did not encrypt data sent to the cloud.

Furthermore, many cloud interfaces had critical web vulnerabilities, including one that would allow an attacker to remotely unlock a person’s home while unsigned firmware updates used by these devices could allow a hacker to take over devices completely, according to Symantec.

Yet, according to researchers, it’s not for a lack of awareness.

“It’s not just the smaller brands or kickstarter projects where it’s their first project,” said Candid Wueest, a threat researcher at Symantec.  “We’ve seen it with larger companies, where you’d think they would know better.  We reported vulnerability but they haven’t patched the devices.”

Granted, at present, the threat of hacking IoT devices is not yet very high.

While it is possible that a tech-savvy burglar could unlock a smart home and steal household items, for a cyber criminal to cross over into physical crime is unlikely, according to Wueest.

What’s more probable, he said, is for hackers to monitor a home’s camera and mic-enabled devices for information that can then be used to blackmail for a ransom.

For now there’s still more profits to be made in trading illegally-obtained credit card information.  While Wueest predicts that the shift towards new types of hacking will take place within five years – Gartner has predicted that by this year, 4.9 billion connected things will be in use, a rise of 30 percent from 2014 – he said that consumer pressure on companies to implement security is not yet enough.

“We’re going into that direction,” he said.  “If we don’t worry about it now, we’ll have to fix it later.  That’s going to make it a lot harder.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Dave Yin
Dave Yin
Digital Staff Writer at Computer Dealer News, covering Canada's IT channel.

Related Tech News

CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.