Smart home devices dumb on security

Of 50 smart home connected devices analalysed by Symantec, few had any basic cyber-security protection in place. Notably:

  • None of the devices use mutual authentication, enforced strong passwords or protected against brute-force attacks
  • 20 percent of the mobile apps used to control these devices do not encrypt data sent to the cloud
  • A test of 15 smart home cloud interfaces showed 10 web vulnerabilities—many of them critical—one of which could allow an attacker to remotely unlock someone's house
  • Unsigned firmware updates for these devices could also allow attackers to take over devices completely.