Princeton Finds Security Flaws In Range Of Internet Of Things Devices
The Internet of Things is on the rise, but there are still plenty of concerns about it, the largest of which is security. Research conducted at Princeton won't help ease those concerns.
Researchers at the Center for Information Technology Policy looked at a number of IoT devices and how information is shared between them, basically seeing just how secure they actually are. Among those devices were the Belkin WeMo Switch, the Nest Thermostat, Sharx Security Camera, Ubi Smart Speaker, and more. What they found is that some of these devices more or less transmit their data in the open for anyone to see.
First of all, it was found that the Nest thermostats were leaking customers' ZIP codes over the Internet. In other words, user location information, as well as coordinates of company weather stations, weren't secure. Nest, thankfully, quickly patched the flaw when it was notified.
Next up is the Sharx security camera, which reportedly was beaming footage over an unencrypted FTP connection, making it accessible to anyone with a bit of know-how. This is quite a bit creepier than ZIP codes being leaked, essentially allowing people to spy on users without their knowledge.
In general, the CITP researchers found that many Internet of Things devices didn't encrypt at least some of the information that they were transmitting over the Internet. Not only that, but encryption may not even be enough to protect such sensitive data, especially if it is being beamed back and forth between servers and users, which opens it up to being hacked in a number of ways.
Doctoral student Sarthak Grover presented results on privacy vulnerabilities he found in various Internet of Things devices to the FTC on Jan. 14 at PrivacyCon.