Menu
One smart plug isn't so bright when it comes to security

One smart plug isn't so bright when it comes to security

A security firm finds an unidentified smart socket vulnerable to hacks

Smart sockets that let you control an electrical plug over the internet may sound cutting edge, but they can also be rife with security flaws.

One such plug was found vulnerable to hacks. Security firm Bitdefender said that it could steal user email logins from the device, control it over the Internet, and potentially use the socket to launch other malware attacks.

“This is a serious vulnerability, we could see botnets made up of these power outlets,” Alexandru Balan, chief security researcher at Bitdefender, said in a Thursday blog post.

Bitdefender isn’t naming the product, but its mobile app has more than 10,000 downloads from Android users.

The device itself functions as a smart electrical switch that connects to the internet over Wi-Fi. A user can plug it into any wall socket, and remotely turn the device on and off through the mobile app.

This particular product can also send email notifications to the user when it changes from one state to another. But despite these features, the smart socket isn’t very secure, Bitdefender found.

By default, it comes with a weak username and password combination, which the socket doesn’t force the consumer to change. The product also communicates data unencrypted, making anything it sends easy to decode. If a hacker is eavesdropping over the Wi-Fi connection, all of this data can be seen.

Due to these flaws, Bitdefender ran tests and found that when nearby, researchers could hijack control over the smart socket. If the plug had enabled email notifications, a hacker could also steal the user’s address and password information.

A bigger issue is a flaw within the product’s software coding. A hacker can potentially exploit this to inject commands into the coding and control the product anywhere over the internet, Bitdefender said.

In a worst-case scenario, a hacker could install malicious firmware into these smart sockets, turning them into a botnet or a network of computers that can launch cyber attacks, Bitdefender added. PCs and other electronics connected to the same internet connection as the smart socket would be vulnerable.

The vendor behind this smart socket is working on a fix that will be released in the third quarter, Bitdefender said.

The security firm is advising that consumers be aware of privacy issues related to smart plugs and other internet-connected devices. They should also do proper research before buying and look at the online reviews to see if other users have reported any problems.  


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

A snapshot of the Kiwi partners set to shine at the Reseller News Awards

A snapshot of the Kiwi partners set to shine at the Reseller News Awards

With the 2017 Reseller News ICT Industry Awards only weeks away, Reseller News profiles the power line-up of partners set to dominate the biggest night on the channel calendar. ​Ranging from the enterprise, down through the mid-market and small business sectors into the heart of the start-up scene, the end result is the most diverse and wide-ranging partner line-up in the history of the Awards, playing host to the leading innovators of the past 12 months.​

A snapshot of the Kiwi partners set to shine at the Reseller News Awards
Channel celebrates as HP marks 50 years in NZ

Channel celebrates as HP marks 50 years in NZ

HP marked 50 years in New Zealand at an event in the vendor's Auckland's headquarters last night, with a host of key channel figures coming along to celebrate. Photos by HP.

Channel celebrates as HP marks 50 years in NZ
Show Comments