A study of connected “Internet of Things” (IoT) devices has shown security vulnerabilities within these devices to be a potential pathway for robbery, theft of sensitive data or even stalking.
Veracode studied six common at-home devices, including the Chamberlain MyQ Internet Gateway, the Chamberlain MyQ Garage, the SmartThings Hub, the Ubi, the Wink Hub, and the Wink Relay.
The study found that the impact of security vulnerabilities in these devices could be significant for users. Among the issues found were: open debugging interfaces that could allow remote attackers to run arbitrary code on the device itself such as spyware; serious protocol weakness that allow passive observers to access sensitive data or control of the device; and lack of adherence to best practices to protect users’ accounts against weak passwords and common password-guessing techniques. The results showed that all but one device exhibited cyber security vulnerabilities across a majority of the categories tested.
“It’s hard to not be excited about what the IoT has enabled and will bring in the future, although that doesn’t mean cyber security should be sacrificed in the process,” said Brandon Creighton, Veracode security research architect.
“We need to look at the IoT holistically to ensure that the devices, as well as their web and mobile applications and back-end cloud services, are built securely from their inception. Security should not be treated as an afterthought or add-on, or we risk putting our personal information in jeopardy or even opening the door to physical harm.”