Tripwire survey finds zero-day vulnerabilities in many of the leading smart home hubs
Householders looking to make their homes more intelligent may want to think twice about installing ‘smart home’ hubs, a new survey has warned.
Researchers at security firm Tripwire found serious flaws in three of the top-selling smart home systems on Amazon which could put the residences at risk.
The study uncovered zero-day flaws inside the smart hubs, which, if exploited, could allow hackers to gain control of alarm settings, temperature levels and door locks, as well as being able to tell when people have left their home.
Tripwire, whose Vulnerability and Exposure Research Team undertook the research, also warns that the vulnerabilities could allow criminals to access local area networks and use the smart hubs as a basis for DDoS attacks.
Not so secure?
“Smart home hubs are steadily growing in popularity; however, as with many consumer technology products, functionality has trumped security,” said Craig Young, security researcher for Tripwire.
“Smart home hubs enable users to have control over the connected devices in their house, but they also open new doors for criminals. The threat is relatively low for now, but it will increase as malicious actors recognise how much information can be gained by attacking these devices.”
Tripwire has informed the smart hub vendors of the flaws, and two of the three have moved to patch the flaws – although one is still to do so, leaving it at risk of attack.
“Smart home hubs that are vulnerable to remote code execution could allow attackers to migrate from a breached computer to the hub, effectively hiding themselves on the network,” said Tyler Reguly, manager of security research at Tripwire.
“In addition, a cross-site request forgery could allow malicious actors to manipulate device settings every time the consumer surfs the web or opens an email. The risks are real, and the points of entry are numerous. Vendors need to acknowledge vulnerabilities and issue updates on a regular basis, and consumers need to realise the risks and apply vendor issued updates.”
Several of the technology industry’s biggest names have confirmed their interest in working in the smart home market.
This includes Apple, which is reportedly developing an app that will allow users to control their smart home via their mobile devices. Apple’s HomeKit software is already being used to make intelligent products for the home, including smart lightbulbs from GE which aim to lessen the effect that artificial lights have on our sleep patterns by giving consumers the ability to automate lighting according to the body’s natural sleep circadian rhythm.
What do you know about the Internet of Things? Take our quiz!