Plugging things into a smart electrical plug might not be the wisest of choices at the moment, because they could easily be hacked, putting both your physical and digital life at risk.
This is according to a new report by Bitdefender, which says that smart electrical plugs could be hacked, and the attacker could not only gain access to your personal data, but also reprogram the plug.
If these plugs control your security systems or medical devices – it could spell a whole lot of trouble.
There are two crucial problems with such devices, according to the report. First, the hotspot is secured with a ‘weak username and password combination’, and the app which controls the plug does not alert the user that it’s risky to keep these credentials on default.
Changing them is actually quite easy, by clicking ‘Edit’ on the name of the smart plug, from the main screen and choosing new credentials.
But the second part is even nastier. During configuration, the mobile app sends both the Wi-Fi username and password in plain text, over the network. All communications between the device and the app is encoded, but not encrypted.
“Encoding can be easily reversed using a scheme that is publicly available, while encryption keeps data secret, locked with a key available for a selected few,” the researchers said.
“This type of attack enables a malicious party to leverage the vulnerability from anywhere in the world”, says Alexandru Balan, Chief Security Researcher at Bitdefender. “Up until now most IoT vulnerabilities could be exploited only in the proximity of the smart home they were serving, however, this flaw allows hackers to control devices over the Internet and bypass the limitations of the network address translation. This is a serious vulnerability, we could see botnets made up of these power outlets.”
Bitdefender advises everyone to research home IoT devices before buying, thoroughly. Test the gadget to see how it works, read the privacy statement and install a home cyber-security solution.
Image Credit: Bitdefender