Too many IoT smartphone apps making life easy for online criminals
Warnings have been raised again about the security of the smartphone apps used to control IoT devices, with many found to be lacking elementary security and privacy measures.
Researchers at Pradeo Lab looked at a representative sample of 100 mobile applications used to control a variety of IoT devices, including thermostats, electric blinds, and baby monitors.
All of the apps were sourced from the official app stores run by Google and Apple, which you would like to think ensures a certain level of quality control.
However, although none of the apps can be classified as downright malicious, worrying evidence was found of mobile apps used to control ‘smart’ home devices apps being vulnerable to attacks, or downright reckless in how they handled users’ sensitive information.
According to the research, an alarming 80% of the tested apps contained vulnerabilities, with an average of 15 flaws discovered per application.
15% of the vulnerabilities discovered, said the researchers, could lead to a man-in-the-middle (MITM) attack, where a hacker could not only intercept communications sent between an IoT device and its smartphone app – but even potentially send it rogue commands allowing a criminal to hijack control.
And then there are concerns over data being sent to third party remote servers. 8% of the applications (approximately one in 12) ‘phoned home’ or connected to uncertified servers. According to Praedo, some have expired and are available for sale, opening opportunities for a malicious actor to buy them up in order to access any data received.
The researchers finished their report by noting the breadth of data that is leaked by the flawed apps they discovered, with 90% said to be leaking one type of data or another:
- Application file content: 81% of applications
- Hardware information (device manufacturer, commercial name, battery status etc): 73%
- Device information (OS version number etc): 73%
- Temporary files: 38%
- Phone network information (service provider, country code etc): 27%
- Video and audio records: 19%
- Files coming from app static data: 19%
- Geolocation: 12%
- Network information (IP address, 2D address, Wi-Fi connection state): 12%
- Device identifiers (IMEI): 8%
It’s clear to me that many IoT devices, and their associated apps, are made down to a price rather than up to a decent level of security and privacy. If you cannot trust manufacturers to have built their products to a decent level of security then you’re going to have to either take additional measures to defend privacy in your ‘smart’ home or throw the gadgets in the dustbin.
Ultimate Privacy Guide for Your Facebook Account
August 31, 2021
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices
August 27, 2021
Your Netflix Account May Be on Sale on Darkweb. Protect It
August 13, 2021
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
FOLLOW US ON
You might also like
September 23, 2021
September 23, 2021
September 22, 2021