Which? finds alarming number of security flaws in smart home devices – Wales Online
An investigation has revealed how smart home devices such as the Amazon Echo can be hacked and used to crash websites, steal data and snoop on users. Consumer group Which? found a staggering 37 vulnerabilities across eight test devices, including 12 rated as high right and one as critical, reports the Mail Online.
Examples include the first generation Amazon Echo smart speaker, released in 2014, and a Virgin Media internet router from 2017, with both leaving users exposed to cybercriminals. Which? found that some of the vital security updates could not be installed due to the age of the product.
“Our latest investigation highlights the real-life dangers posed by smart products from some of the biggest tech brands that are no longer adequately protected from cybercriminals,” said Rocio Concha, Which? director of policy and advocacy. “These weaknesses can lead to significant economic damage, but it is chilling to think that they can also be exploited by domestic abusers.”
Read more:Where to get 6p pints – pub chain offering jubilee discount today only
Domestic abuse survivors can also be tracked and controlled by ex-partners who exploit weak security on devices including Wi-Fi routers and security cameras. For its investigation, Which? purchased eight products from different brands and set them all up in a simulated home before inviting ‘ethical hackers’ to attack them.
Ethical hackers penetrate a computer systems or networks on behalf of its owners, and with their permission, often for the purposes of research. As well as the first generation Amazon Echo and the Google doorbell, the list included the Samsung Galaxy S8 Android smartphone, the Wemo smart plug and the Liv Cam baby monitor.
Which? selected these products because they are likely to be sitting in the homes of thousands of consumers, even though they are not newly-released. Some of these products had been abandoned by the manufacturer within five years since their launch. For example, the first generation Amazon Echo smart speaker lost security support in autumn 2021, Which? said.
In response, an Amazon spokesperson said: “Privacy and security are foundational to how we design and deliver devices, features, and experiences. We released a fix for this issue for 2nd generation Echo devices in 2017, and all newer Echo devices are not impacted by this issue.”
On a Google Nest Hello video doorbell, hackers were able to spam the device with requests, so that it was knocked offline. An attacker could use this to stop the user’s doorbell from recording if they want to approach the owner’s home.
Google said that this issue with the Google Nest Hello has been resolved. According to Google’s website, this device is being supported by security updates until beyond 2023, which is five years after it was released.
Samsung’s Galaxy S8 Android smartphone, which stopped being supported with security updates in April 2021, was easily infected with malware, which could lead to data theft, tracking and spam adverts. Researchers infected it with Flubot malware, disguised as a DHL delivery text, that within 10 seconds leads to access to the phone owner’s data.
Ethical hackers could …….