These gadgets are chock full of amazing video and automation features. We can now add security risks too …
Recently, a UK consumer products evaluation organization analyzed 11 popular smart doorbells available in the region. The brands chosen have high use rates, and one brands is even endorsed by Amazon.
Two of the doorbells, from Victure and Ctroncs, had a security flaw that allowed criminals to steal network passwords and use them to hack the doorbell, router and other network-connected devices. The Victure vulnerability also saw sensitive information being sent, including WiFi network names and passwords.
Subsequently, 11 smart video doorbells sold online on Amazon and eBay have been found to contain multiple critical vulnerabilities.
IoT security for the uninitiated
According to some experts, the state of home IoT security is something that is still taken for granted by many consumers.
Said Check Point Software Technologies’ Chief Technology Officer (APAC), Tony Jarvis: “IoT devices have increasingly seen mainstream adoption in recent years. With their numbers growing, this has provided malicious actors with an incentive to target their vulnerabilities. Since the devices serve as entry points into homes and businesses, it is crucial to ensure these items are secured and that users’ privacy can be safeguarded.”
According to Jarvis, breaching such devices can result in many potential consequences. The collecting of personal information about users or their daily habits is just one. “If we focus our attention on IoT doorbells, it may be possible to collect audio and/or video, and physical security may be put at risk as well. These devices connect to WiFi networks and allow an attacker to potentially compromise other items on those networks, creating further damage as a result.”
A senior security engineer at Synopsys Software Integrity Group, Boris Cipot, noted: “When it comes to (such gadgets), consumers mainly consider appearance, functionality and pricing in their purchasing decision. The more functionality, the better the customer ratings tend to be. However, many items offered in online stores have falsified user reviews, making products appear more credible and capturing consumer attention. As such, when selecting an item, either online or in-store, it’s important that consumers research said item and do not solely trust user reviews on one platform. This is especially important if the product can access consumer personal data, including your whole home network.”
Insecure devices not only endanger consumer privacy and security, they can also damage brand image and trust. Buyers must be very careful when choosing IoT devices, as they can impact their lives in many different ways, Cipot concluded.
“To safeguard their home environment and personal data, consumers should make an effort to understand the security risks behind IoT devices, do the necessary background research on such products, and apply software patches as they become available,” said Jarvis.