Vulnerable smart home IoT sockets let hackers access your email … – ZDNet

August 20, 2016


Researchers have discovered critical security flaws in connected smart plugs which can give attackers access to a full home network — as well as your email account.

Bitdefender researchers Dragos Gavrilut, Radu Basaraba, and George Cabau said on Thursday that one particular device uses no encryption and weak default passwords, with no alerts issued to users to change them in the interests of security.

Internet of Things (IoT) devices are products with network capabilities. While these now range from smartphones to fridges, the use of smart plugs is also on the rise.

IoT-based smart outlets can monitor energy usage, schedule devices to turn on and off at the user’s convenience, and power and control gadgets including security cameras, smart TVs and coffee makers, among others.

According to the security firm, a popular, but undisclosed, electrical outlet currently on the market not only has poor security in place but is also susceptible to malicious firmware updates which permit attackers to control devices remotely and gain an entry point into your home networks and activity.

To set up the device, users must plug it in, download the accompanying Android or iOS app, and then go through the installation process. The device requests the credentials for the user’s home network and then registers with vendor servers through UDP messages containing the device name, model, and MAC address. The server then replies with the firmware version, port, and local IP address.
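A defender-side check for the unencrypted registration described above, as an added example that is not from the article or from Bitdefender: it inspects UDP payloads captured from your own plug and reports which identifiers are readable on the wire without any key. The payload layouts, device name and MAC address are constructed for illustration, since the article does not disclose the vendor's message format.

```python
import re

# MAC written as text (AA:BB:CC:DD:EE:FF or AA-BB-...), and printable runs like `strings`.
MAC_TEXT = re.compile(rb"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")
STRINGS = re.compile(rb"[\x20-\x7e]{4,}")


def mac_to_bytes(mac: str) -> bytes:
    """Convert 'AA:BB:CC:DD:EE:FF' to its 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def audit_payload(payload: bytes, device_macs: list[str]) -> dict:
    """Report what an on-path observer can read from one UDP payload.

    device_macs: MACs of your own devices (e.g. from the router's DHCP table),
    used to spot a MAC embedded as raw bytes rather than text.
    """
    printable = sum(0x20 <= b <= 0x7E for b in payload)
    ratio = printable / len(payload) if payload else 0.0
    text_macs = {m.decode().upper().replace("-", ":")
                 for m in MAC_TEXT.findall(payload)}
    raw_macs = {m.upper() for m in device_macs if mac_to_bytes(m) in payload}
    return {
        "printable_ratio": round(ratio, 2),
        "leaked_macs": sorted(text_macs | raw_macs),
        "strings": [s.decode() for s in STRINGS.findall(payload)],
        # Mostly printable, or carrying a recognisable MAC: not encrypted.
        "cleartext": ratio >= 0.9 or bool(text_macs or raw_macs),
    }


# Constructed sample payloads (hypothetical layouts, not the vendor's format).
PLUG_MAC = "02:00:00:AA:BB:CC"  # constructed, locally administered address
TEXT_REG = b"name=HallPlug;model=EXAMPLE-1;mac=02:00:00:AA:BB:CC"
BINARY_REG = b"\x01\x00" + mac_to_bytes(PLUG_MAC) + b"HallPlug"
OPAQUE = bytes(range(128, 192))  # stands in for an encrypted payload

if __name__ == "__main__":
    for label, data in (("text", TEXT_REG), ("binary", BINARY_REG),
                        ("opaque", OPAQUE)):
        print(label, audit_payload(data, [PLUG_MAC]))
```

Payloads flagged as cleartext on a home capture are a sign the device belongs on an isolated VLAN or guest network until the vendor ships encrypted registration.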