After testing 100 mobile apps
designed to control smart devices such as a thermostats, electrical blinds and baby monitors, security researchers Pradeo Lab
concluded the majority of them have a raft of worrying vulnerabilities.
Specifically, none of the apps could be called malicious but they are certainly open to attack and also ‘reckless’ in how they manage users’ sensitive data. Worryingly, all the apps came from either the Google Play Store or Apple’s App Store which gives them a veneer of credibility.
- According to the research, 80 percent of the tested apps contained vulnerabilities, with an average of 15 flaws discovered for each application.
- 15 percent of the discovered vulnerabilities could lead to a man-in-the-middle attack, in which an hacker intercepts communications sent between an IoT device and its smartphone app. Potentially they could also send it rogue commands allowing a criminal to take control of the device.
- Eight percent of the applications connected to uncertified servers. Apparently some of these are available for sale which means those with malicious intent could buy them and access data.
The researchers discovered that 90 percent of the flawed apps also leaked a wide range of data. Some of this data includes phone network information such as the service provider and country code, video and audio records, geolocation data and network information such as the IP and Wi-Fi connection state.
Are we surprised?
Given the often parlous state of smart device security we shouldn’t be too surprised to discover apps associated with these devices are essentially riddled with holes.
It’s clear that smart device manufacturers are focusing on price for competitive reasons rather than building in security at the design stage. This short term outlook will be sure to backfire as smart devices become increasingly common and also are increasingly hacked.
That said, very few people who buy smart devices are aware of the security loopholes. This is why the award-winning Dojo by BullGuard
is so important.
Dojo provides innovative security technology for the smart connected home. It constantly studies the network, learns about each device and to detect and block threats.
- Dojo connects to the Wi-Fi network and acts as a layer between smart devices and threats to the entire network security and privacy.
- Dojo Pebble- connects to a router and can be freely moved around the home. The Pebble glows if there is any activity that needs to be addressed in the user-friendly Dojo app.
- The Dojo friendly app gives real-time visibility and control over the home Wi-Fi network. For instance it provides risk notifications such as a privacy breach detection and immediately blocks attacks providing users with total peace of mind that their home network is secure.