Smart home devices can make our lives a lot easier thanks to automated actions that can be activated remotely using a smartphone or based on a schedule. However, occasionally security flaws are revealed, that can potentially allow hackers to take control of their smart home devices — most recently through a security flaw in smart plugs.
According to a recent blog post from security firm A&O IT, a security analysis of two smart home plugs revealed that they could be manipulated to gain access to the network they were connected to by stealing the WiFi login and password. The devices which are affordable and easily available do not adhere to well-regarded security practices.
More From This Section
Ordinarily, modern devices connected to the internet should be using an encrypted channel to send data (using HTTPS) using stronger passwords, and observe good security practices. According to a report by Techradar, these smart plugs from manufacturers Sonoff and Ener-J were doing the opposite, leaving a wide security hole ready to be exploited. Meanwhile, the security company has reportedly not received a response from those companies regarding the flaws.
A Wi-Fi network is only as secure as the password protecting it, so once these smart plugs leak the information necessary to glean the passwords to access the network, it was only a matter of time before attackers would be able to access the network and monitor the devices connected to it or perform nefarious activities there. Users could add the smart home devices to a guest Wi-Fi network and set up “network isolation” to make sure they can connect to the net but not access other devices on the network.
After the recent report about users of Eufy security cameras being able to access each other’s security feeds that was later fixed, the latest report on the smart plug vulnerabilities is a stark reminder that the security of a network depends on the protection of all the devices connected to it — something that users must keep in mind if they have smart door locks, smart cameras or other sensitive smart devices connected to their home networks.