This post is also available in: heעברית (Hebrew)

As Internet of Things (IoT) devices such as connected locks, motion sensors, security cameras and smart speakers become increasingly ubiquitous in households, their surging popularity means more people are at risk of cyber intrusions.

A work sponsored by the US Office of Naval Research has found that the smartphone companion applications of 16 popular smart home devices contain “critical cryptographic flaws” that could allow attackers to intercept and modify their traffic.

The research from Florida Tech warns that attackers can leverage the immature but pervasive nature of IoT to spy on and surveil victims.

Subjecting 20 devices to a host of “man-in-the-middle” attacks wherein perpetrators seek to intercept communications between parties, allowing for the theft of login credentials, spying or other nefarious activities, the researchers found that 16 device vendors failed to implement security measures, thus enabling the attacks.

“We hypothesize that the distributed communications architecture of IoT introduces vulnerabilities that allow an attacker to intercept and manipulate the communications channel, affecting the user-level perception of an IoT device,” the researchers wrote, according to fit.edu. “We apply this (attack) against a broad array of smart home device vendors to conceal malicious users, suppress motion reporting, modify camera images, unlock doors, and manipulate history log files.”

The IoT devices that showed this vulnerability were: Amazon Echo, August lock, Blink camera, Google Home camera, among others. Devices from four vendors – Arlo, Geeni, TP-Link and Ring – were found not to be susceptible to the attacks the researchers carried out.

They advise vendors to take measures to improve confidentiality and integrity in smart home devices and their applications. They must implement stronger server-side cryptographic implementations to prevent these attacks.

Prepared to dive into the world of futuristic technology? Attend INNOTECH 2022, the international convention and exhibition for cyber, HLS and innovation at Expo, Tel Aviv, on November 2nd – 3rd

Interested in sponsoring / a display booth at the 2022 INNOTECH exhibition? Click here for details!