Everything connected to the Internet is vulnerable — In the latest, it’s the Smart Socket!
Smart sockets are such a blessing for us…..no? We can switch the lights and fans on and off without even leaving our chair. Smart sockets offer an opportunity to literally relax and become a couch potato. You can easily connect a variety of your electrical devices with smart sockets and operate them with a touch of your fingers. Such as thermostats, coffee makers, garage doors, smart TVs, security cameras and medical devices can be run through smart sockets.
However, so much as it sounds great, however, an issue identified by Bitdefender IoT research team is enough to make you wary of these new-age smart sockets. According to the researchers, users are risking their physical security as well as their privacy by using smart sockets because the sockets are vulnerable to dangerous firmware upgrades that can be controlled remotely by hackers and this would expose users to all sorts of online and physical security risks.
The analysis was obtained while conducting a research on the probable security concerns that are associated with the Internet of Things technology and the findings are startling.The smart socket’s electrical switch is vulnerable to hacking. The electrical switch has to be plugged into a wall socket so that users could schedule connected electronic devices and switch them on or off from their smartphones.
The function of smart sockets involves downloading of the corresponding mobile app via Apple Store or Google Play Store. As of now, over 10K Android users have already downloaded the app. Once downloaded, the user is required to select the option of installing a new plug and click on the home Wi-Fi network from the list of available networks. Then, the app would create a connection between the hotspot and its server. When the user enters the ID and password of his/her home network, the app will transmit it to its connecting device’s hotspot and get itself registered to the server through UDP messaging. The information transmitted to the server includes the model, device name and MAC address of the home network along with the firmware version, local IP address, and the port information.
Needless to say that the information that the smart socket app transmits is quite valuable to attackers and this is why they are looking to intercept and obtain this bit of information. According to Bitdefender research team (Pdf), the hotspot contains a very weak username and password which is why the user is not alerted by the app regarding the associated risks with not changing the default credentials.
Users are basically required to change the default credentials of the hotspot by clicking on “Edit” option that is found near the smart plug name on the main screen. If this is not done, your device would become vulnerable.
Another thing noticed by the research team is that while configuring the app, the Wi-Fi network credentials are transferred in clear text across the network. Furthermore, the device-to-application communication that travels via the manufacturer’s server is not encrypted but only encoded.
It is a well- known fact that encoded communication can be reversed pretty easily through a publicly available scheme whereas the encryption mode keeps the data confidential. The final finding was that the device must be configured to transfer email notifications to the user whenever it switches from one state to the other.
The abovementioned information hints on the fact that the smart sockets are vulnerable to two kinds of cyber attacks. Firstly, if the MAC address of the device is obtained by the hacker and the default password is weak then it is easy to gain remote control of the device. Then the attacker can re-schedule the device and/or gain all the information including user ID, email ID, and their passwords. This would, however, occur if the email notification feature is activated. Then the attacker can compromise the email account if two-factor authentication isn’t enabled.
Since the device hashes its credentials via the MD5 algorithm by the md5sum command, the method is vulnerable to command injection because the password isn’t sanitized. So, when a hacker exploits this weakness, the old password gets overwritten and the embedded Telnet service can be opened. If this is achieved, the attacker can send commands to either start, stop or schedule the device and also to submit rogue commands such as running dangerous firmware or using the device to attack other computers within the local network.
According to Chief Security Researcher of Bitdefender, Alexandru Balan, this type of attack lets a hacker leverage the vulnerability worldwide.
“Up until now most IoT vulnerabilities could be exploited only in the proximity of the smart home they were serving, however, this flaw allows hackers to control devices over the Internet and bypass the limitations of the network address translation. This is a serious vulnerability, we could see botnets made up of these power outlets,” says Balan.
What we can recommend our users is to remain vigilant and perform all the security requirements while installing IoT devices. Users must always keep their passwords strong and immediately change the default login credentials.
Previous cases when IoT devices were found vulnerable:
1 Smart Cars
A smart socket is not the only device posing a danger to users’ security and privacy; in fact, Internet-connected cars can be hacked and DDoSed using smartphones.
2 Security Cameras
Another research exposed the troubling state of IoT devices such as thousands of security and surveillance cameras in the US and millions worldwide vulnerable to cyber attacks such as DDoSing.
3 Smart TV
Just a couple of months ago researcher had exposed a shocking incident in which cyber criminals hacked Android based Smart TV being hacked for ransomware and alerting users about not visiting malicious sites on their Smart TV.
4. Burglar Alarm
Believe it or not, even Burglar Alarms are not safe from hackers. IOActive’s Andrew Zonenberg demonstrated how in real life hackers can turn-off security systems by exploiting a crucial security flaw that most home security systems inherently have. Zonenberg identified a serious vulnerability in SimpliSafe alarm systems that allow anyone to listen to the PIN easily and repeatedly.
5 Wireless Keyboards
During Def Con last month Marc Newlin of Bastille Research Team exposed a critical security flaw in numbers of Wireless Keyboards manufactured by Anker, EagleTech, General Electric, Hewlett-Packard (HP), Insignia, Kensington, Radio Shack and Toshiba are vulnerable to hacking that can lead to undetectable spying by malicious actors from a distance of 250 feet.
There are more stories we wrote on vulnerabilities in IoT devices, click here to go through all of them.
Source: BitDefender Labs
We highly recommend going through BitDefender’s Research paper here (Pdf).