One of the greatest concerns surrounding the growth of the Internet of Things (IoT) is its security, and it seems that some people's worst fears have just been realised.
Security experts at Trend Micro have discovered a vulnerability in Qualcomm Snapdragon-produced SoC (system on a chip) devices.
In fact, it is the same vulnerability that cropped up earlier in the month, affecting Nexus 5, Nexus 6, Nexus 6P and Samsung Galaxy Note Edge Android handsets. This in itself is concerning as these are devices that are no longer in line for security updates, but more concerning is the fact that the same chips are used in IoT devices. The vulnerability makes it possible for an attacker to gain root access to the hardware, and this is worrying in a world of inter-connected devices.
In the interests of trying to contain the problem, Trend Micro has not revealed full details of the vulnerability but is using the issue to highlight a serious problem not just for handset owners but also for adopters of the IoT. The lack of updates available for the affected phones illustrate perfectly just how a security issue discovered in another connected device using the same chip - a fridge, a home heating system, a car - could be left vulnerable in exactly the same way.
Trend Micro's Noah Gamer writes:
Gamer highlights some recent examples of hacked connected devices including a Barbie doll that could be used as a surveillance device, and a pacemaker that could be used to kill the person it was inside. Hacking a smartphone by exploiting a vulnerability is one thing, but as the IoT infiltrates further and deeper into our lives, the long arm of attackers could reach even further and have even more disastrous consequences.
Updates - and a reliable system for delivering them - are what's needed, says Trend Micro: "If the IoT is going to be as widespread as many experts predict, there needs to be some sort of system in place ensuring these devices are safe for public use.
"Security updates are an absolute necessity these days, and users of these connected devices need to know what they're dealing with."