Companies creating smart devices for the home promise a more energy- and time-efficient future, but are failing to secure their products, potentially making the homes of early adopters less secure, according to a study of some 50 consumer smart devices by security firm Symantec.
In a report published on March 12, Symantec examined a variety of devices, including smart thermostats, locks, light bulbs, smoke detectors, energy management devices, and smart hubs, which link together the various smart products and allow the user to manage them.
All of the devices failed to check whether they were communicating with an authorized server, leaving them open to man-in-the-middle attacks. One out of five devices did not encrypt communications and many did not lock out attackers after a certain number of password attempts, further weakening their security, Symantec stated in the report.
"All of the potential weaknesses that could afflict Internet of things systems, such as authentication and traffic encryption, are already well known to the security industry, but despite this, known mitigation techniques are often neglected on these devices,” Symantec researchers stated in the report.
The lack of security comes as consumers are increasingly adopting a variety of connected devices and using them in their homes. An estimated 2.9 billion devices will be used by consumers in 2015, according to market research group Gartner.
Read more: http://www.eweek.com/security/symantec-study-finds-home-smart-devices-wide-open-to-cyber-attack.html