Smart home devices dumb on security
Of 50 smart home connected devices analalysed by Symantec, few had any basic cyber-security protection in place. Notably:
- None of the devices use mutual authentication, enforced strong passwords or protected against brute-force attacks
- 20 percent of the mobile apps used to control these devices do not encrypt data sent to the cloud
- A test of 15 smart home cloud interfaces showed 10 web vulnerabilities—many of them critical—one of which could allow an attacker to remotely unlock someone's house
- Unsigned firmware updates for these devices could also allow attackers to take over devices completely.