Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Vulnerabilities Discovered in IoT Devices Suggest They’re Yet to be Fully Secured


IoT devices, which better our lives, require to be fully secured because they make a direct impact on 'our' security. Recently, security investigators discovered a foremost problem within a switch called WeMo that's accessible via the Internet even as it allows end-users to turn on or off the electronic devices installed inside their houses.

WeMo has a less-protected communications channel that makes a linkage between a smart-phone app and the switch without any authentication. Whatever data is transmitted it's sent in cleartext other than password of the IoT device that's encrypted using one AES algorithm of 128-bit magnitude and which's easily breakable. The encryption is done with a key based on WeMo's ID along with the device's MAC address. Softpedia.com posted this, March 30, 2016.

Another IoT gadget is the Lifx Bulb that works for adjusting a home lighting's intensity and color through an Android app. Cyber-criminals have tried capturing the credentials of the WiFi network at end-users' home by manipulating the latter's Android app so it would connect again with the home network. For this, the hacker establishes one phony hotspot and seizes the said credentials.

A likewise problem occurs within the starter kit LinkHub containing dual light-bulbs having GE Link along with one central management system, the two regulated through an Android application. There's no encryption by this device therefore the above ploy is enough to view the WiFi credentials without difficulty. Finally, a WiFi Audio Receiver namely MUZO Cobblestone, the lone IoT gadget to get one fix allows end-users to flow music onto any local sound arrangement from their MUZO Cobblestone.

Researchers from BitDefender found the device establishing one perpetually-open hotspot possible to brute-force entry and then extract the localized network's WiFi password. Thus by accessing such a network, an attacker intercepts the end-user's incoming and outgoing traffic, read the victim's browsing activities, and access authentication credentials pertaining to any insecure services.

Thus it follows, proper security is imperative for IoT devices' lifecycles. Security for these devices indicates that when any hyper-connected world is projected in a real way without the manufacturers incorporating protective measures inside their products, the results may prove life-threatening.

» SPAMfighter News - 4/5/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next