• Softpedia, Friday, April 1, 2016 9:05 AM

During a two-month hackathon in September and October 2015, security researchers from Bitdefender found vulnerabilities in four new IoT devices, of which only one has been partially fixed after the developer was notified. Researchers found the first issue in the WeMo Switch, an Internet-accessible switch that lets users turn electronic devices in their home on and off. This device was (and still is) using an insecure communications channel between the switch and the smartphone app that features no authentication. Everything is transmitted in cleartext, except for the device's password, which is encrypted with an easily breakable 128-bit AES algorithm, using an encryption key derived from the device's ID and its MAC address.

Read the whole story at Softpedia »