Smart home mobile apps vulnerable to takeover

Researchers find that apps to control devices in the home could be easily hacked

An examination of a number of mobile apps to control smart home devices has discovered that the security in place is not good enough to prevent hackers from taking control.

According to research carried out by IT security firm Pradeo Security Systems, 80% of tested applications carry vulnerabilities, with an average of 15 per application. Moreover, 15% of them can lead to a man-in-the-middle attack. Researchers said this was of particular concern as this can lead to an object takeover by a cybercriminal.

The researchers looked at 100 IoT mobile applications (thermostat, electrical blinds, remote control, baby phone) available on Google Play and App Store.

The researchers said that while official stores applications rarely include a malware but they are not necessarily safe. They added that apps analysed by the company are sending the data they handle to 17 servers in average, and 8% of them are transmitting the information to uncertified servers.

"Among these, some have expired and are available for sale. Anyone buying them could access all the data they receive," said Vivian Raoul, CTO of Pradeo Security Systems.

The research also found that 90% of applications leak the data they manipulate. Among these are application file content (81%), hardware information (device manufacturer, commercial name, battery status) (73%), device information (OS version number) (73%).

Raoul said that his firm has notified the IoT device manufacturers about the security problems they are exposed to.

While the number of smart home apps and devices are expanding with more developers getting in on the action, there's clearly a need for security to be seriously considered, otherwise homes and offices could end up with a deluge of potential vulnerabilities on their networks. 

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

President Biden’s Peloton raises cyber security concerns
cyber security

President Biden’s Peloton raises cyber security concerns

21 Jan 2021
Google announces switch-off date for Android Things
Google Android

Google announces switch-off date for Android Things

18 Dec 2020
Flaws in open source protocols expose millions of embedded devices
cyber security

Flaws in open source protocols expose millions of embedded devices

9 Dec 2020
Most organizations aren’t tracking their IoT assets
Internet of Things (IoT)

Most organizations aren’t tracking their IoT assets

17 Nov 2020

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021