In recent years we have had more and more devices and equipment with “smart” capabilities in our homes, capable of communicating with each other and accessing all kinds of cloud services over the Internet.
However, as we have noted on other occasions, most of them are not completely safe; they are susceptible to attack, and therefore to someone violating our privacy. What is the situation right now?
Well, the consumer organization OCU has developed a test to check for possible vulnerabilities in a selection of products for the connected home and home automation, reaching a worrying conclusion that we will review below.
A smart but vulnerable home
According to its website, OCU selected 17 domestic consumer products, including 10 devices from unknown brands purchased on both Amazon and AliExpress, and another 7 products from well-known brands that came onto the market a long time ago and no longer have manufacturer support, although they are still in use in Spanish homes.
To test the security of the devices, two experts tried to detect their weak points by first investigating what information about already known vulnerabilities was available on the Internet and then trying methods such as analyzing network traffic, breaking the security of a WiFi network, discovering passwords, intercepting communications with man-in-the-middle attacks, etc.
They also attempted to reprogram the devices using a digital microscope to identify the microchips and then a logic circuit vulnerability analyzer. The result?
They identified a total of 61 vulnerabilities, 12 of them critical (serious or very serious) because they pose a high risk to the security or privacy of users. These were found in video surveillance cameras, electronic locks and portable devices (smartphones, smart watches and children’s tablets). Among the most common security flaws were the following:
- Many manufacturers still accept weak passwords like “123456”, something that happened in 9 of the 17 devices analyzed.
- Weak or non-existent encryption of communications between devices and applications with servers. Anyone with access to the network can capture data such as passwords, usernames and video recordings.
- In four devices, communications between two parties could be intercepted and altered (the so-called “man-in-the-middle attack”).
- Vulnerabilities due to a lack of software updates, either because of the user or because the brand has stopped providing support.
- In addition, they also verified that someone with technical knowledge can disassemble and manipulate certain equipment since, to facilitate repairs, physical connections are kept accessible, allowing software to be altered or malicious programs to be installed.
The study also concludes that all these flaws, although present in almost all brands, are more common in little-known brands of foreign origin, which we often buy from online stores because of their low price but which lack advanced security measures or the support needed to fix problems as they are detected.
In this sense, OCU recommends, for example, that we always buy from online stores based in the European Union and that we opt for devices from well-known brands that have the latest versions of operating systems.
Cover image | Mohamed Hassan