Smart home mobile apps vulnerable to takeover

Researchers find that apps to control devices in the home could be easily hacked

An examination of a number of mobile apps to control smart home devices has discovered that the security in place is not good enough to prevent hackers from taking control.

According to research carried out by IT security firm Pradeo Security Systems, 80% of tested applications carry vulnerabilities, with an average of 15 per application. Moreover, 15% of them can lead to a man-in-the-middle attack. Researchers said this was of particular concern as this can lead to an object takeover by a cybercriminal.

The researchers looked at 100 IoT mobile applications (thermostat, electrical blinds, remote control, baby phone) available on Google Play and App Store.

The researchers said that while official stores applications rarely include a malware but they are not necessarily safe. They added that apps analysed by the company are sending the data they handle to 17 servers in average, and 8% of them are transmitting the information to uncertified servers.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Among these, some have expired and are available for sale. Anyone buying them could access all the data they receive," said Vivian Raoul, CTO of Pradeo Security Systems.

The research also found that 90% of applications leak the data they manipulate. Among these are application file content (81%), hardware information (device manufacturer, commercial name, battery status) (73%), device information (OS version number) (73%).

Raoul said that his firm has notified the IoT device manufacturers about the security problems they are exposed to.

While the number of smart home apps and devices are expanding with more developers getting in on the action, there's clearly a need for security to be seriously considered, otherwise homes and offices could end up with a deluge of potential vulnerabilities on their networks. 

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/33091/smart-home-device-manufacturers-must-do-more-to-protect-users-from-hacking
Security

Smart home device firms need to do more to prevent hacks

26 Feb 2019
Visit/network-internet/internet-of-things-iot/354408/amazon-apple-and-google-join-forces-on-voice-for
Internet of Things (IoT)

Amazon, Apple and Google join forces on voice for smart homes

19 Dec 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/network-internet/broadband/354530/openreach-offers-free-full-fibre-installation-for-thousands-of
broadband

Openreach offers free full-fibre installation for thousands of homes

14 Jan 2020