Symantec has analyzed 50 devices for smart home currently for sale and found that many IoT devices offer only a basic protection against the most common attacks made online. The presence of known vulnerabilities in the devices and the mobile app used for remote control has confirmed that unluckily for the manufacturers safety is a secondary feature. The software provides users with some tips to minimize the risks.
Are already available on the marketplace several solutions to create a smart home. You can buy appliance equipped with an Internet connection or turn an old model in a device IoT. Their spread is still in its infancy, but it is expected a rapid increase in sales in the coming years. According to Gartner, there will be 25 billion “things” linked by 2020. This means that the cyber attacks are set to grow exponentially.
Researchers at Symantec have analyzed thermostats, locks, lights, smoke detectors, hubs and devices for energy management. Were also examined alarms, surveillance cameras, entertainment systems, routers and NAS? Some smart device using a cloud service to monitor the use and allow users to remotely control these systems. Access can be via app or web portal.
Symantec establish that none of the devices provides mutual authentication between client and server or allows you to use strong passwords (often asked a simple four-digit PIN). Moreover, almost no cloud service offers authentication in two factors and protection against brute-force attacks. What’s more, many web interfaces contain well-known vulnerabilities. In a short time, the researchers were able to open a lock remotely, without knowing the password.
The IoT devices are still the favorite targets of cybercriminals, but could become very soon. Producers should seriously consider the security problem, using such code signed and SSL / TLS. In the meantime, users can follow a few tips, how to change the default passwords, put out of action the device when not in use or use a wired connection.