WeMo vulnerability upholds lax IoT security
Security researchers’ opinions differ when it comes to the internet of things. Is it a disaster waiting to happen or the best innovation out there? A little bit of both, some will say. So far, hackers have successfully exploited its vulnerabilities to launch the largest IoT botnet attack ever, leading researchers to believe this is a mere warm-up for what is actually coming.
On the other hand, connected home ecosystems strive to win consumers by creating demand for a number of gadgets they didn’t even know could be smart. Intelligent devices enhance performance and reduce costs, but they are also setting new standards for users and industries.
When you wake up, your home can turn on the lights and have coffee ready for you because they are connected to your smartphone and it knows exactly when your alarm goes off. Pretty good so far!
But the constant security issues are driving concern among users that hackers could exploit the vulnerabilities in the devices to sneak into their homes. The threat is real – pedophiles have used baby monitors to spy on sleeping children and, recently, a vulnerability in the Android app that controls WeMo home automation devices exposed all connected smartphones. The hackers who gained access to users’ phones were able to steal photos and even track users’ GPS location.
Users don’t always care about DDoS attacks on KrebsOnSecurity or that exploited IoT devices brought down the internet, because they don’t see how it could directly affect them. Users see only benefits. It’s very convenient to use the smartphone to control an entire house, but that means hackers can do the same, with devastating impact.
This is yet another reminder of the lax security of a number of smart devices. Manufacturers likely didn’t see the security holes because they wanted to get the products to market as soon as possible, without much interest in fixing bugs.