Summary:Research analyzing today's smart home devices has revealed disturbing security implications for consumers.
Symantec
Research into IoT devices has revealed poor security practices which could easily bring down your connected home.
Internet of Things (IoT) and smart home devices are based on the idea of the connected home. From smart fridges which alert you when temperature systems break down or food is going off, or smart thermostats and smartphone-controlled lighting -- the possibilities of IoT are endless. While designed to make daily life more convenient, the industry seems to be running before it can walk -- and basic device protection is being left in the dust.
Companies are churning out devices rapidly, from Google's Nest smart thermostat to Apple and Microsoft's experiments with connected cars. However, we are seeing the same problems with smart devices as we are experiencing with online services -- a lack of basic protection which places users at risk.
On Thursday, security firm Symantec released a white paper (.PDF) which explores how secure our common, connected home devices really are. In a blog post, Symantec security researcher Candid Wueest details the research, in which 50 smart home devices were scrutinised. The researchers found that many of them included basic security problems, including weak authentication and little protection against common web vulnerabilities.
The researchers analyzed smart thermostats, locks, light bulbs, smoke detectors, energy management devices and hubs, but the report's findings could also apply to other IoT devices including security alarms, surveillance camera, broadband routers and network attached storage (NAS) devices.
Symantec found that none of the 50 devices analyzed used mutual authentication or enforced strong passwords. In addition, some devices even prevented the user from setting up strong passwords on the cloud interface by restricting authentication to only a simple four-number PIN code -- and none supported two-factor authentication. Coupled with no password brute-force attack mitigation, most devices could be accessed easily by hackers.
In addition to a lack of strong authentication, many smart home web interfaces "suffer from well-known web application vulnerabilities," according to the researchers. While testing 15 IoT cloud interfaces, the team found these devices contained severe vulnerabilities. Symantec discovered and reported 10 vulnerabilities related to issues such as remote code execution, remote file inclusion (RFI), and SQL injection. One device which caused concern in particular was a smart door lock which the team was able to open remotely across the web without knowing the password.
Symantec said:
See the original post here:
Symantec research highlights security failures in the connected home
- The Best MyQ Home Security Devices To Help Give You Peace Of Mind - Forbes - March 17th, 2025 [March 17th, 2025]
- How Home Alarm System Brand ADT Learned To Love CTV - AdExchanger - March 17th, 2025 [March 17th, 2025]
- Teyana Taylor Will Receive 4 Homes Worth More Than $10 Million as Part of Multimillion-Dollar Divorce Settlement With Iman Shumpert - SFGATE - March 17th, 2025 [March 17th, 2025]
- This solar-powered outdoor camera might be the only one you'll ever need - ZDNet - March 17th, 2025 [March 17th, 2025]
- Is There a Security Camera That Works Without Wi-Fi? - Security.org - March 17th, 2025 [March 17th, 2025]
- Lily Allen and David Harbour Turned Their Brooklyn Home Into 'Weird' Floral WonderlandSo, What Becomes of It Amid Rumored Split? - SFGATE - February 8th, 2025 [February 8th, 2025]
- Caught on camera: Bixby woman nearly walks in on masked burglar in her home - news9.com KWTV - February 8th, 2025 [February 8th, 2025]
- Smart Lock Market to Attain Valuation of US$ 15.42 Billion by 2032 - Yahoo Finance - February 8th, 2025 [February 8th, 2025]
- Travis Kelce goes full John Wick on home security after burglary - Marca English - February 8th, 2025 [February 8th, 2025]
- Google Nest Security Camera With Floodlight Wont Stay This Cheap for Long, First Price Drop in Months - Gizmodo - February 8th, 2025 [February 8th, 2025]
- The 3 Best Smart Water-Leak Detectors of 2025 | Reviews by Wirecutter - Wirecutter, A New York Times Company - February 8th, 2025 [February 8th, 2025]
- Oil Billionaire Bill Koch Lists His Eco-Friendly 'Once in a Lifetime' Aspen Estate for $125 MillionMore Than Four Times What He Paid - SFGATE - February 8th, 2025 [February 8th, 2025]
- Home Security Systems Market is anticipated to project robust - openPR - February 8th, 2025 [February 8th, 2025]
- The best Wyze Cam alternative I've tested is only $20 with this deal - ZDNet - February 8th, 2025 [February 8th, 2025]
- Eufy SoloCam S340 review: a solar-powered and fully wireless outdoor security camera - The Independent - February 8th, 2025 [February 8th, 2025]
- Smart Lock Buying Guide: Picking Locks the Right Way - CNET - February 8th, 2025 [February 8th, 2025]
- Trump's Homeland Security pick pressed on domestic terrorism in hearing - NPR - January 21st, 2025 [January 21st, 2025]
- Man watches in horror from security camera as California wildfire engulfs his home: 'All I could do' - Fox Weather - January 21st, 2025 [January 21st, 2025]
- Unprecedented video shows falling meteorite, records sound of impact - For The Win - January 21st, 2025 [January 21st, 2025]
- HomeKit Weekly: Combat dry winter air with the SwitchBot Smart Evaporative Humidifier - 9to5Mac - January 21st, 2025 [January 21st, 2025]
- The Google Home app is getting a big update, and it's good news for your security - TechRadar - January 21st, 2025 [January 21st, 2025]
- 6 ways Reolink's CES 2025 gadgets upped the ante for every other security camera this year - Android Police - January 21st, 2025 [January 21st, 2025]
- No Monthly Fee, the Eufy Security Floodlight Cam Is Now More Affordable Than Ever - Gizmodo - January 21st, 2025 [January 21st, 2025]
- Sound of Meteorite Hitting Earth Recorded by Security Camera Moments After Couple Left Home to Walk Their Dogs - PEOPLE - January 21st, 2025 [January 21st, 2025]
- Attempted burglary in Cranford highlights importance of home security - News 12 New Jersey - January 3rd, 2025 [January 3rd, 2025]
- Matthew Stafford had police inspect his home for potential security flaws amid burglaries - Rams Wire - January 3rd, 2025 [January 3rd, 2025]
- The Ring Stick Up Cam Pro drops to its all-time low price! - Android Authority - January 3rd, 2025 [January 3rd, 2025]
- Dallas Mavericks star Luka Doncic's home targeted in string of home burglaries - CBS News - January 3rd, 2025 [January 3rd, 2025]
- How Wireless Doorbell Kits Are Changing Home Security for the Better - openPR - January 3rd, 2025 [January 3rd, 2025]
- What UHNWs can learn about home security from 10 million London mansion heist - Spear's WMS - January 3rd, 2025 [January 3rd, 2025]
- Luxury Turns to Loss: Shafira Huangs Shocking Theft - Qhubo - January 3rd, 2025 [January 3rd, 2025]
- Home Tech Companies Are Peddling 'Affectionate Intelligence.' Should We Fall for It? - CNET - January 3rd, 2025 [January 3rd, 2025]
- The Best of Smart Home in 2024: The 10 Articles You Read the Most - How-To Geek - January 3rd, 2025 [January 3rd, 2025]
- The Top Home Security Mistakes to Stop Making in 2025 - CNET - January 3rd, 2025 [January 3rd, 2025]
- MagSafe Monday: LISEN delivers the strongest MagSafe magnet Ive found for the car - 9to5Mac - January 3rd, 2025 [January 3rd, 2025]
- The best floodlight and security camera combo I've tested is $70 off - ZDNet - January 3rd, 2025 [January 3rd, 2025]
- I invested in a subscription-less video doorbell, and it's paying off for my smart home - ZDNet - January 3rd, 2025 [January 3rd, 2025]
- NBA follows NFL in warning players on burglaries - ESPN - November 29th, 2024 [November 29th, 2024]
- Find heavily discounted security cameras and video doorbells ahead of Black Friday - Mashable - November 29th, 2024 [November 29th, 2024]
- This Floodlight Camera Has My Backyard Covered, and It's Under $100 for Black Friday - Lifehacker - November 29th, 2024 [November 29th, 2024]
- Get the ultimate home security this holiday season with Wyze starting at $17 - New York Post - November 29th, 2024 [November 29th, 2024]
- This Is the Best Black Friday Deal for an All-Purpose Security Cam I've Ever Seen - CNET - November 29th, 2024 [November 29th, 2024]
- NBA memo to players urges increased vigilance regarding home security following break-ins - Ashland Daily Press - November 29th, 2024 [November 29th, 2024]
- Find discounted security cameras and video doorbells ahead of Black Friday - Mashable - November 29th, 2024 [November 29th, 2024]
- The 4 Most Common Package Scams in 2024 -- and How to Stop Them - CNET - November 29th, 2024 [November 29th, 2024]
- Keep Your Home Protected During Your Holiday Travel With Up to 60% Off Blink Outdoor 4 Cams - CNET - November 21st, 2024 [November 21st, 2024]
- Editor's Note: Whats Old is New and Innovative Again? - SecurityInfoWatch - November 21st, 2024 [November 21st, 2024]
- Beef Up Your Home Security and Get Up to 77% Off With These Arlo Black Friday Deals - CNET - November 21st, 2024 [November 21st, 2024]
- Ive ditched my Nest Cams for a Chinese smart security brand you probably havent heard of - The Ambient - November 21st, 2024 [November 21st, 2024]
- Boost Your Home's Security With the Outdoor Roku Cam, Down to $20 for Black Friday - CNET - November 21st, 2024 [November 21st, 2024]
- Home Security Experts Share Important Insights About the Travis Kelce and Patrick Mahomes Burglaries - House Beautiful - November 21st, 2024 [November 21st, 2024]
- Infinity Symbol-Shaped Circular House Hits the Market for the Unique Price of $3,399,888 - SFGATE - November 21st, 2024 [November 21st, 2024]
- The Blink Outdoor 4 Home Security Cameras Are Cheaper Than Last Year's Black Friday Prices - Gizmodo - November 21st, 2024 [November 21st, 2024]
- Blink Mini 2 review: this home security camera is good price, but unimpressive performance might make you think twice - TechRadar - November 21st, 2024 [November 21st, 2024]
- How to Scrub Your Home Address Off the Internet and Keep It Off - CNET - November 21st, 2024 [November 21st, 2024]
- Defiant Smart Home Alarm Kit review: Just the basics - TechHive - November 21st, 2024 [November 21st, 2024]
- New Report Cites Six Outdoor Home Improvements That Enhance Wellness - Forbes - November 21st, 2024 [November 21st, 2024]
- 3 New AI Smart Home Features Arrive With Gemini and Google Nest - CNET - November 21st, 2024 [November 21st, 2024]
- Announcing the 2024 Readers' Choice Product Awards! - SecurityInfoWatch - November 21st, 2024 [November 21st, 2024]
- The Arlo 2K battery-powered security camera is 60% off before Black Friday - ZDNet - November 21st, 2024 [November 21st, 2024]
- Abilene Police expert offers advice on safeguarding your home during the holiday season - KTXS - November 21st, 2024 [November 21st, 2024]
- Travis Kelce and Taylor Swift take drastic measures after home burglary: 'They have 24-hour armed security staff' - Marca.com - November 21st, 2024 [November 21st, 2024]
- Smart Home Security Market will increase to USD 10.25 Billion by 2030 - openPR - November 21st, 2024 [November 21st, 2024]
- Want better home security? Dont miss these Reolink early Black Friday deals - Digital Trends - November 21st, 2024 [November 21st, 2024]
- An Interview With the Target & Home Depot Hacker - Krebs on Security - November 21st, 2024 [November 21st, 2024]
- Protect Your Home Title & Equity from Fraud with TripleLock Monitoring, Alerts & Restoration - ABC Action News Tampa Bay - November 12th, 2024 [November 12th, 2024]
- Wireless Home Security Camera Market is growing at a CAGR of 20% in the forecast period (2024-2031) - openPR - November 12th, 2024 [November 12th, 2024]
- Yes, Smart Homes Are Vulnerable to Cybercriminals. Here's What You Need to Know. - House Beautiful - November 12th, 2024 [November 12th, 2024]
- Limited-Time Deal: Protect Your Home or Business With a Ring Indoor Camera at Almost 40% Off - CNET - November 12th, 2024 [November 12th, 2024]
- The 3 Best Indoor Security Cameras of 2024 | Reviews by Wirecutter - Wirecutter, A New York Times Company - November 12th, 2024 [November 12th, 2024]
- Get home security cameras up to 60% off and feel extra cozy this winter - Mashable - November 12th, 2024 [November 12th, 2024]
- Resideo Unveils Honeywell Home FocusPRO Thermostats - SecurityInformed - November 12th, 2024 [November 12th, 2024]
- A Smart Before-the-Holidays Decision: Arlo and Allstate are Boosting Peace of Mind with New Home Security Bundle - IoT Evolution World - November 12th, 2024 [November 12th, 2024]
- The Google Nest Cam With Floodlight Is at Its Lowest Ever Price, but Not for Long - CNET - November 12th, 2024 [November 12th, 2024]
- Man shot by security guard at Home Depot in Northeast Philly - The Philadelphia Inquirer - November 12th, 2024 [November 12th, 2024]
- Keep Eyes on Your Home at All Times With a Blink Outdoor Cam for 60% Off - CNET - November 12th, 2024 [November 12th, 2024]
- A Letter to the Nation's New Leaders: Right Now, the American Dream of Homeownership Is in Crisis - SFGATE - November 12th, 2024 [November 12th, 2024]
- Get your tickets SECURED to Z100s Jingle Ball from Slomins Home Security! - iHeart - November 12th, 2024 [November 12th, 2024]
- We test a new home security package that couldn't be simpler to install - The Scotsman - November 12th, 2024 [November 12th, 2024]
- 6 Smart Gadgets That Will Instantly Upgrade Any Home's Lighting And Security - SlashGear - November 12th, 2024 [November 12th, 2024]