Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Many connected-home devices lack robust security features, security firm claims

Jake Widman | April 8, 2015
According to a report released this morning by security provider Veracode, many of the Internet of Things devices that consumers are buying for their increasingly connected homes are vulnerable to hacker exploits. While Veracode looked at different devices and vulnerabilities, its overall findings mirror those by Synack, which we reported on last month.

"Essentially you could call those debugging interfaces 'unintentional back doors' because of the level of access that they give," Creighton said. "If you have access to the local network that these devices are running on, then you can use standard debugging tools to connect to that service and run commands on it and completely bypass any password or authentication. I'm sure that's important for the manufacturers to do development and testing, but it should not be on in the real world."

No need to panic

Despite the findings, Creighton cautions that these vulnerabilities aren't catastrophic. "All of these are the same type of flaws we find in analyzing applications every day," he said. "There's nothing in here that's Heartbleed-esque, that's going to blow up everybody's devices tomorrow. If we'd found something that was exploitable on a mass scale, we'd have made sure it had gotten fixed before mentioning it at all. But that doesn't mean there aren't risks here."

And the companies involved have proven relatively receptive to learning about their products' vulnerabilities. "We've reached out to these companies and let them know the details of these flaws we found, and we're working with them to get them fixed if they're interested," Creighton said. "The fact is, flaws happen to everybody, and the companies that tend to do the best in modern times are the ones that can rapidly respond."

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.