Some smart home devices are dumb when it comes to IoT security.
Home IoT devices such as the Sharx security camera, Ubi smart speaker and other devices are increasing in popularity but many of them have serious IoT security flaws, according to researchers at Princeton University’s Center for Information Technology Policy (CITP).
At the Federal Trade Commission (FTC) PrivacyCon conference, the researchers gave a presentation that revealed that quite a few popular Internet of Things devices are not encrypting the data they transmit. The list of devices and associated security issues include:
- Nest Thermostat: Location information such as zip code can identify the user; Nest fixed the bug after the Princeton report.
- Ubi smart speaker: Much of the information from the device, sent via unencrypted http, could reveal “critical information, such as whether the user was home, or even movements within a house,” CITP researchers noted.
- Sharx Security Camera: transmitted video over unencrypted FTP. Required a password to view the stream, but “anybody on the network could view the stream and where it was going,” said CITP researcher Sarthak Grover.
- Pix-Star digital photoframe: loads photos from the user’s Facebook account, and sends that login info over the Internet in the clear. This means a hacker could potentially intercept that data and take over the user’s Facebook account.
Researchers said the network architecture was poorly designed when it came to IoT security.
“The devices inside the home send all of the information to the cloud,” said Princeton Ph.D. student Sarthak Grover during his talk. “In fact, if you have two devices in the home and they want to talk to each other, currently they will talk to the cloud and the information will get back to the home.”
“So what we have here is a pretty bad combination,” he said. “We have hardware which is incapable and we have information which is always being sent to the cloud.”
Researchers found the SmartThings Hub, which can connect IoT devices such as the Belkin WeMo switch and the Nest, to be very secure, with no information about attached IoT devices.
Want more? Check out our most-read content:
White Paper: How to ‘Future-Proof’ a Streaming Analytics Platform
Research from Gartner: Real-Time Analytics with the Internet of Things
E-Book: How to Move to a Fast Data Architecture
The Value of Bringing Analytics to the Edge
Three Types of IoT Analytics: Approaches and Use Cases
Fast Data: Why Business and IT Are Now Inseparable
How In-Memory Data Grids Turbocharge Analytics
Liked this article? Share it with your colleagues!