Tripwire uncovers smart home hub zero-day vulnerabilities

News by Doug Olenick

Three top-selling smart home hubs on Amazon have zero-day vulnerabilities that could allow an outsider entry into the user's home, Tripwire reported.

The security firm Tripwire reported that its Vulnerability and Exposure Research Team detected several zero-day vulnerabilities in three of the top-selling smart home hubs available on Amazon that could leave users open to a wide range of dangers.

The potential breaches could allow an outsider to change alarm settings, open a home's locks, access the home's computer network or use the smart hub as a launching point for a DDoS attack. The actual hub exploit can take place through malicious web pages or smartphone applications.

“The threat is relatively low for now, but it will increase as malicious actors recognise how much information can be gained by attacking these devices,” said Craig Young, Tripwire's security researcher.

The companies involved were not named, but Tripwire said that two of the three have patched the holes, but the third vendor's product is still at risk.

This story first appeared in SC Magazine.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews