Security Found Lacking In Smart Locks, Thermostats

The battle between potential value and security concerns in the Internet of Things continues and some of those concerns were just validated.

Hackers recently put the security of current IoT products to the test at the DEF CON hacking conference in Las Vegas and found more than a few vulnerabilities.

Merculite Security experts successfully broke through 12 out of 16 smart lock systems.

Most of the locks, which are opened by smartphones using Bluetooth instead of physical keys, provide little protection from other people intercepting the data and opening the locks themselves, TechCrunch reported.

Breaking through the security in the locks only required about $200 in off-the-shelf parts and minimal effort, in relation to the expertise of the world-class hackers. Some of the locks were found to not encrypt the passwords and instead store them as plain text.

The smart locks that were not successfully hacked are made by Masterlock, Noke, Kwikset and August. However, another hacker was able to break through the August lock, but it required much more work.

Most of the companies responsible for the less-than-secure smart locks have not issued a fix for the vulnerabilities, according to multiple reports.

Security issues were also uncovered inside the home. Motherboard reported that security researchers from Pen Test Partners successfully inserted ransomware into a smart thermostat.

The researchers said that in a malicious scenario, a program could be loaded into the smart thermostat unknowingly by a consumer, similar to how malware is loaded onto phones through installing malicious apps.

Once loaded, the ransomware could then cause the thermostat to lock itself at a certain condition, such as 99 degrees or no heat, until the consumer pays a ransom. This scenario, although possible, is not highly likely to happen, according to the researchers.

Other experts at the conference discussed the broader implications of security in IoT. Due to the nature of IoT connecting so many devices together, a security breach of one connected device could provide hackers access to the other devices.

Some hackers suggested, however, that the real threat to consumers is not overly high, according to a BBC report. Although the capabilities exist within the consumer markets, commercial hackers would likely target similar systems within enterprises instead.

Next story loading loading..