Smart Home Appliances - Digital Hazard for Humanity & IoT : Alert
By MYBRANDBOOK
It is estimated that by 2020, not so far from now, 20.4 billion smart home devices will be installed. Nearly doubling the number installed this year alone, there are IoT devices heated towards the whole family, from mom, dad, kids, and even pets. With this growing popularity though, security concerns grow as well — ignoring the safety and integrity of these devices enables risk.
McAfee Labs’ Advanced Threat Research team today detailed vulnerabilities in two smart home devices that could cause grief for users: a smart padlock and an internet-connected coffee maker.
The first device, called BoxLock, first made an appearance on the show Shark Tank and is designed to be set up outside a home to secure a package delivery container.
So-called “porch pirates,” people who steal deliveries from the front of homes, has become a growing problem in the U.S. in the age of home deliveries. The idea is by having a secure container, the delivery person can place the ordered item in the container and then secure it with the BoxLock.
The lock can be opened by via a mobile application or by using the built-in barcode scanner to scan a package that is being delivered. Homeowners can then later unlock the BoxLock to retrieve the delivered item once they return home.
If that all sounds great in theory, the implementation of security in the device was not. The vulnerability lies with the device’s use of Bluetooth Low Energy which can be used to download an app, send one command and open the lock.
The issue isn’t related to BLE itself but the specific implementation used by the vendor. The researchers were able to find a way, using Generic Attributes commands from a smartphone without the BoxLock app installed, to open the device.
The good news is that the BoxLock was responsive when the McAfee researchers approached them, both working with them to rectify the issue and roll out patches to the lock.
mrcoffeeSecond on the list is an internet-connected coffee machine, the Mr. Coffee Smart Coffeemaker enabled with WeMo.
WeMo is an “internet of things” platform from Belkin International Inc. that now finds itself appearing in other devices as well.
The coffeemaker accepts scheduling of coffee brewing via the WeMo app but in doing so does not properly validate requests. What that means is that the third-party with access to the network could schedule coffee-making on demand.
While that may not sound specifically nefarious, the coffeemaker could be forced on without fresh coffee in place potentially causing either burned coffee or in an extreme case even a fire.
Belkin did not respond to the McAfee security researchers but has since issued an update that addressed the issue.
“Most businesses, from Fortune 500s to mom-and-pop shops, will likely deal with a security breach or vulnerability disclosure at some point,” Steve Povolny, head of Advanced Threat Research at McAfee, told SiliconANGLE. “Those who are proactive and very public in addressing the issue have an opportunity to reinforce consumer trust and confidence.”
In the case of vulnerability disclosure, he added, “by engaging with the research team and coordinating on the mitigation and communication of the issue, vendors can set themselves apart in industries that are facing further security scrutiny from customers, shareholders and the general public.”
Getting into the habit of being mindful of IoT devices is essential when bringing them into the home. Routines like checking devices for unwanted connectivity features, updating two-factor authentication settings, and opening up a separate network for guests keep us mindful and protected from the risks. Even the FBI recommends resetting your router once in a while, to avoid VPNFilter malware. Habits as simple as regularly checking for security patch updates can make a huge difference against cyber criminals. As a household, ensuring everyone is on the same page when it comes to cyber safety and IoT connectivity makes for a secure home.
If it’s got an internet connection, it very well may be vulnerable to cyber attack. Do you know how secure your home IoT devices and also You.. are..?
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
LUMINOUS POWER TECHNOLOGIES PVT. LTD.
OPTIEMUS INFRACOM
LAVA INTERNATIONAL LTD.
TAC SECURITY SOLUTIONS
Technology Icons Of India 2023: Ritesh Agarwal
Ritesh Agarwal Founder & CEO of OYO Hotels & Homes-World’s fastest g...
Technology Icons Of India 2023: Josh Foulger
Josh is the Country Head of India and MD of Bharat FIH Ltd (A Foxconn ...
Technology Icons Of India 2023: Hari Om Rai
Hari Om Rai is the Co-founder, Chairman & Managing Director of Lava In...
Aadhaar: Architecting the World's Largest Biometric Identity System
The Unique Identification Authority of India (UIDAI) is a statutory au...
C-DOT enabling India in indigenous design, development and production of telecom technologies
An autonomous telecom R&D centre of Government of India, Center of Dev...
C-DAC keeps India ahead in IT & Electronics R&D space
Centre for Development of Advanced Computing (C-DAC) is the premier R&...
ACCERON INFOSOL PVT. LTD.
It is a leading value added distributor in the IT security space and h...
B D SOFTWARE
BD Software is the distributor of IT security solutions in India. The ...
SUPERTRON ELECTRONICS PVT. LTD.
Supertron deals in servers, laptops, components, accessories and is a...