Critical design flaws found in popular smart devices sold across US

Are there any security improvements in smart devices in 2019 or are manufacturers just trying to wing it? Even though the intensity of IoT threats is growing and some attack methods are predictable, many popular smart home devices are still sold by top retailers such as Walmart, Amazon or Target with a number of systemic design flaws that don’t notify homeowners about hacking attempts or other security issues, found researchers at North Carolina State University. Specifically, they “enable sensor blinding and state confusion attacks.”

To raise awareness about the widespread vulnerabilities found in the most common smart gadgets in the US home, the researchers selected and investigated 24 connected devices ranging from security cameras, motion sensors, smart home environmental monitoring, connected doorbells, garage door openers and smart-locks.

Critical design flaws that increase attack exposure were detected in 22 out of the 24 devices evaluated. The flaws “enable attacks to transparently disrupt the reporting of device status alerts or prevent the uploading of content integral to the device’s core functionality,” reads the report. Suppression attacks, for example, can be carried out on routers because the system can’t tell a heartbeat signal from another so it is not reporting the issue.

According to Bradley Reaves, co-author and assistant professor of computer science, the major issue is that smart devices are created “with the assumption that wireless connectivity is secure and won’t be disrupted – which isn’t always the case.”

Because manufacturers rush to market in spite of immature implementations, some design flaws make it into the wild. Even if it’s not deliberate, it’s not their intention to expose homeowners to attacks, manufacturers need to find a solution to make the devices reliable and ensure data privacy and security of all information transmitted through the messaging protocols to cloud-based servers.

One comment

  • By Daniel Dube - Reply

    Just a tought… one the wireless connection is done. The communication between devices should be throught a VPN, with device certificates.

  • Add Comment

    Your email address will not be published. Required fields are marked *