Researchers have discovered critical security flaws in connected smart plugs which can give attackers access to a full home network — as well as your email account. Craig Young, Security Researcher at Tripwire commented below.
Craig Young, Security Researcher at Tripwire:
“This is entirely unsurprising to anyone who’s been paying attention to the IoT market. Often times these devices do not use authentication at all and when they do it is commonly hardcoded or generated with an insecure algorithm. Product vendors in this space may have expertise when it comes to making hardware but it seems that they lack experience with respect to designing software. IoT security is in its infancy with vendors repeating the many mistakes made by software developers in the 90s. This is quite a serious problem however as more and more devices represent not just an infosec risk but can also present personal safety risks. What would happen to our power grid if millions of Internet connected outlets were compromised and then all triggered to turn on and off devices at the same time?”