
Too many IoT smartphone apps making life easy for online criminals

Graham CLULEY

March 29, 2018

Warnings have been raised again about the security of the smartphone apps used to control IoT devices, with many found to be lacking elementary security and privacy measures.

Researchers at Pradeo Lab looked at a representative sample of 100 mobile applications used to control a variety of IoT devices, including thermostats, electric blinds, and baby monitors.

All of the apps were sourced from the official app stores run by Google and Apple, which you would like to think ensures a certain level of quality control.

However, although none of the apps can be classified as downright malicious, worrying evidence was found of mobile apps used to control ‘smart’ home devices being vulnerable to attacks, or downright reckless in how they handled users’ sensitive information.

According to the research, an alarming 80% of the tested apps contained vulnerabilities, with an average of 15 flaws discovered per application.

15% of the vulnerabilities discovered, said the researchers, could lead to a man-in-the-middle (MITM) attack, where a hacker could not only intercept communications sent between an IoT device and its smartphone app – but even potentially send it rogue commands allowing a criminal to hijack control.

And then there are concerns over data being sent to third-party remote servers. 8% of the applications (approximately one in 12) ‘phoned home’ or connected to uncertified servers. According to Pradeo, some have expired and are available for sale, opening opportunities for a malicious actor to buy them up in order to access any data received.

The researchers finished their report by noting the breadth of data that is leaked by the flawed apps they discovered, with 90% said to be leaking one type of data or another:

  • Application file content: 81% of applications
  • Hardware information (device manufacturer, commercial name, battery status etc): 73%
  • Device information (OS version number etc): 73%
  • Temporary files: 38%
  • Phone network information (service provider, country code etc): 27%
  • Video and audio records: 19%
  • Files coming from app static data: 19%
  • Geolocation: 12%
  • Network information (IP address, 2D address, Wi-Fi connection state): 12%
  • Device identifiers (IMEI): 8%

It’s clear to me that many IoT devices, and their associated apps, are made down to a price rather than up to a decent level of security and privacy. If you cannot trust manufacturers to have built their products to a decent level of security then you’re going to have to either take additional measures to defend privacy in your ‘smart’ home or throw the gadgets in the dustbin.
