Not only are smart home devices not secure, but device manufacturers are not doing anything about it, according to Symantec.
In a recent white paper published by the security vendor, the company described that an analysis of 50 smart home devices found that none of them used mutual authentication, enforced strong passwords or protected against brute-force attacks, while more than one in five devices did not encrypt data sent to the cloud.
Furthermore, many cloud interfaces had critical web vulnerabilities, including one that would allow an attacker to remotely unlock a person’s home while unsigned firmware updates used by these devices could allow a hacker to take over devices completely, according to Symantec.
Yet, according to researchers, it’s not for a lack of awareness.
“It’s not just the smaller brands or kickstarter projects where it’s their first project,” said Candid Wueest, a threat researcher at Symantec. “We’ve seen it with larger companies, where you’d think they would know better. We reported vulnerability but they haven’t patched the devices.”
Granted, at present, the threat of hacking IoT devices is not yet very high.
While it is possible that a tech-savvy burglar could unlock a smart home and steal household items, for a cyber criminal to cross over into physical crime is unlikely, according to Wueest.
What’s more probable, he said, is for hackers to monitor a home’s camera and mic-enabled devices for information that can then be used to blackmail for a ransom.
For now there’s still more profits to be made in trading illegally-obtained credit card information. While Wueest predicts that the shift towards new types of hacking will take place within five years – Gartner has predicted that by this year, 4.9 billion connected things will be in use, a rise of 30 percent from 2014 – he said that consumer pressure on companies to implement security is not yet enough.
“We’re going into that direction,” he said. “If we don’t worry about it now, we’ll have to fix it later. That’s going to make it a lot harder.”
I generally don’t touch any of the non-brand names.
Also reports that many of these non-brand named android base tablets are malware infested before you open it up for the first time.