In research conducted by the Pradeo Lab on around a hundred IoT mobile applications, some serious Smart Home vulnerabilities were revealed, bringing us back to the question on how secure are we in this rapidly transforming world of connected devices?

The research proved that the smartphone apps used to control the connected devices, such as baby phones, thermostats and electric binds, are difficult to take over, which is positive to hear, however the data stored on these kinds of devices can easily be bought, raising yet another red flag over data privacy.

Another point worth considering is that the research has only included apps that were available on the Google Play and App Store, clarifying yet again that apps on official stores may be free from malware but not unsusceptible to future cyber attacks.

Vulnerabilities found in these apps

Before diving into the specifics, let’s be clear, on a shocking finding; 80 out of the 100 tested apps carry at least one category of vulnerability, clearly implying that as many as 80% of your connected devices are susceptible to cyber attacks simply through the mobile apps you’re using to control.

Out of all of these vulnerabilities, 15% belong to the ‘Man-in-the-middle attack’. It means that some cyber criminals can easily get a middle access in the network and change your command and the device’s output before it reaches the other end.

8% of the apps are also sending data to uncertified servers, some of which have expired and are available for sale at present. Which means now anyone who buys these servers may absolutely have free and unrestrained access to the data stored inside.

In addition, almost 90% of the data sent by these applications get leaked into the network. Most of the leaked data is seemingly harmless, similar to the devices and phone network information, but it also includes private information like IP addresses, IMEI numbers, video and audio records, and geo location.

Though the concerned companies were notified of these issues, hopefully they will also take the necessary actions, but is that all that’s required to ensure a safer and more secure connected world?

Certainly not, and this research has only found the susceptible areas in terms of controlling mobile applications, which constitutes only a small fraction of your connected devices’ network. So what are similarly helpful actions you can take in order to create a more secure smart home or at least to minimize the risks involved?

How To Secure Your Smart Home?

• Secure your Network
  This is the most crucial action you can take to secure your smart home perimeter. Ensure that your wireless network that connects your devices is protected with WPA2 protocol and a strong password. Also, firewall the network and disable the guest access entirely from it.
• Protect the Devices
  To begin with, always purchase all your devices from reliable manufacturers, any one device from an untrustworthy vendor can bring the whole network into the zone of susceptibility. The next step you can take to ensure that the devices you bought remain secure throughout their lifetime is by updating their firmware regularly.
• Secure you Apps
  Ensure that the apps you are using to control your IoT devices are using proper encryption methods to protect the sync processes. Also, keep these updated with security patches that developers upload from every so often.

It’s understandable that the journey to a completely secure smart home is a long one, but that doesn’t entail we couldn’t take the necessary measures ourselves. Stay safe and stay connected.

Resources:

https://fieldguide.gizmodo.com/how-to-build-a-smart-home-thats-actually-secure-1822942112

http://www.itpro.co.uk/mobile/30863/smart-home-mobile-apps-vulnerable-to-takeover

http://blog.pradeo.com/iot-mobile-applications-takeover