In the ongoing saga of IoT security (The score is bad guys: a whole bunch, good guys: not very many), the bad guys continue to win.
Researchers analyzed Samsung’s house management hub called SmartThings and found 20 problems.
The researchers, part of Cisco, said that the attacks are complex and require the attackers to chain different bugs together, but that doesn’t lessen the severity.
The Samsung SmartThings hub supports a variety of protocols allowing it to control a wide range of devices. Some of the devices it can control include lightbulbs, doorbells, smart locks, smart plugs and many others.
But that ability is also the problem.
If you can hack the SmartThings hub, then you could turn off alarm sensors, unlock the door to the house or spy on the homeowner by taking over the security cameras.
Given that possibility, what could go wrong?
So what should an IoT early adopter do?
The first thing is for you to understand that as an early adopter you are blazing new paths and some of those paths will be dead ends. Personally, I have bought and replaced many different IoT devices.
Second, you should consider the risk prior to purchasing and using any IoT devices. For example, it is far less risky to control your lightbulbs than your front door lock, If you are risk tolerant you may be okay with the risk from the smart door lock, but if you are less risk tolerent, you may not be.
Next, ONLY purchase IoT devices from vendors that have an active cyber security program. All IoT devices will need patches. If the vendor doesn’t actively create patches, then the bad guys will win. You also want devices that automatically download and install the patches when released. Samsung says that they have already patched every device operational in the field. That is what you want.
Finally, stay tuned to the security news in the IoT arena. If you are going to be an early adopter, you need to be informed. When things are stable and mature you can be less concerned. When there is a new attack every day – you have to be proactive.
Be smart. Be informed. Then make decisions.
Information for this post came from Threatpost.