SIP CALCULATOR

Money Per month(₹)
500
Interest Rate(%)
1
Year(s)
1
1,20,000
Invested
1,20,000
Returns
1,20,000
Total

Created By: PATHAN MUKHTAR KHAN

Insecure apps put half of IoT devices at risk

0 0 Tuesday 5 February 2019 Edit this post

via TechRadar - All the latest technology news http://bit.ly/2SfBsHv As the Internet of Things ( IoT ) has grown in popularity with consume...


via TechRadar - All the latest technology news http://bit.ly/2SfBsHv

As the Internet of Things (IoT) has grown in popularity with consumers adding more devices to build out their smart homes, new research has revealed that vulnerable apps are putting users at risk.

To better gauge the security of IoT devices, researchers from Brazil's Federal University of Pernambuco and the University of Michigan examined 32 apps used to configure and control the 96 best selling Wi-Fi and Bluetooth-enabled devices from Amazon.

IoT app developers need to secure the apps themselves, their connection to cloud proxies which are used during their initial setup and the wireless connection and authentication to and from each IoT device. For this reason, the study's researchers started by inferring potential weaknesses using heuristic analysis of each app.

The researchers found that 31 percent of the apps (corresponding to 37 devices out of 96) had no encryption at all while another 19 percent had hard-coded encryption keys that could be reverse engineered by potential attackers.

Insecure apps

The researchers even developed proof-of-concept attacks for TP-Link's Kasa app, LIFX's smart light app, Belkin's WeMo for IoT and Broadlink's e-Control app to back up their findings further.

Three of the four apps used no encryption whatsoever and three communicated using broadcast messages that could provide an attacker with a way of monitoring the app-device communication to find vulnerabilites.

The researchers explained their findings in a report, saying:

“Based on our in-depth analysis of 4 of the apps, we found that leveraging these weaknesses to create actual exploits is not challenging. A remote attacker simply has to find a way of getting the exploit either on the user’s smartphone in the form of an unprivileged app or a script on the local network.”

While many IoT apps have a ways to go when it comes to securing their devices, the researchers highlighted Google's Nest thermostat app as an example of how IoT security should be done with its entire configuration process secured with SSL/TLS to the cloud or via Wi-Fi with WPA.

Via Naked Security

Tags:

SHARE:

Twitter Facebook Google Pinterest

COMMENTS

BLOGGER
DISQUS
Name

1988 Atlantic hurricane season,1,2017–18 Bergen County eruv controversy,1,All things,1,Amazon,89,Amazon.com: Best Sellers,14,Amazon.com: Best Sellers in Beauty & Personal Care,14,Amazon.com: Best Sellers in Clothing,61,Analisi Fondamentale,15,Analisi tecnica,40,Andrea Doria-class battleship,1,apple,51,Apple Newsroom,51,article of the day,198,Automated analytical tool for your forex trading account,2939,Banded stilt,1,Battle of Verrières Ridge,1,bbc news,5128,BBC News - World,5128,beauty,14,Beta-Hydroxy beta-methylbutyric acid,1,bitcoin,1,Britomart Redeems Faire Amoret,1,Buckton Castle,1,BUISNESS,2646,business,653,C. R. M. F. Cruttwell,1,Calendar Events,418,car insurance,1,Cloud (video game),1,Cooperative pulling paradigm,1,DailyFX - Feeds all,422,DailyFX - Forex Market News,205,DailyFX - Market News,3371,digital marketing,2,Dilophosaurus,1,Discovery Education,197,Education,408,education Learning In Wonderland,25,Education Week: English Language Learners,18,Emily Davison,1,Equestrian statue of Edward Horner,1,ESPN,48,Euryoryzomys emmonsae,1,Fantasy Book,1,fashion,30,Ford Piquette Avenue Plant,1,forex,2,Forex Calendar,3357,Forex Market,1858,Forex news,34,FOX NEWS,246,Fundamental Analysis,15,FX Analyst Articles,2140,Gadgets360 RSS Feeds : RSS Feed - NDTV Gadgets360.com,4411,Grand Duchess Anastasia Nikolaevna of Russia,1,Happy Chandler,1,Harry R. Truman,1,Health,70,Hilary of Chichester,1,Hogwarts Express (Universal Orlando Resort),1,Hurricane Daniel (2006),1,Ice drilling,1,IFTTT,509,internet marketing,1,Interstate 80 in Iowa,1,King Island emu,1,latest news,7786,Law,1,law.,1,M-35 (Michigan highway),1,market,623,Megalodon,1,Meteorological history of Hurricane Gordon,1,Moneycontrol Technology News,491,Monroe Doctrine Centennial half dollar,1,Monroe Edwards,1,More Hall Annex,1,Nat Geo Education Blog,67,National Geographic Education Blog,100,Nelson Mandela,1,Neville Chamberlain,1,news,8432,Nigel Williams (conservator),1,Nike-X,1,Norma (constellation),1,Norodom Ranariddh,1,Notizie Forex,22,Notizie Valute,12,NYT,1155,Ontario Highway 61,1,Percy Grainger,1,Peter Jeffrey (RAAF officer),1,Pioneer Helmet,1,Ramesses VI,1,reviews TechRadar - Technology Reviews,2,Russulaceae,1,Science-Fiction Plus,1,SEO,1,Shoes & Jewelry,61,Shorwell helmet,1,Simone Russell,1,Small-toothed sportive lemur,1,Snoring rail,1,Social forex community,2939,Social media marketing,1,Somerset Levels,1,South Carolina-class battleship,1,SPORT,61,Stefan Lochner,1,stock,1,Suillus spraguei,1,Teach123,6,tech,3833,tech reviews,3456,TECH TechRadar - All the latest technology news,23,Technical analysis,40,Technical Analysis DailyFX - pages/rss.rss-list.technical-analysis,526,Technical Analysis DailyFX - Technical Analysis,89,technology,198,techology,379,TechRadar - All the latest technology news,6005,TechRadar - Technology Reviews,1085,the new york times,2658,The Portage to San Cristobal of A.H.,1,Trade,8,video,1,vr,1,Wally Hammond,1,Waterloo Medal (Pistrucci),1,weight loss,2,Westminster Assembly,1,wikipedia,198,X-10 Graphite Reactor,1,
ltr
item
TECHNICAL MUKHTAR: Insecure apps put half of IoT devices at risk
Insecure apps put half of IoT devices at risk
https://ifttt.com/images/no_image_card.png
TECHNICAL MUKHTAR
https://technicalmukhtar.blogspot.com/2019/02/insecure-apps-put-half-of-iot-devices.html
https://technicalmukhtar.blogspot.com/
https://technicalmukhtar.blogspot.com/
https://technicalmukhtar.blogspot.com/2019/02/insecure-apps-put-half-of-iot-devices.html
true
709309995759877420
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy