The Internet of Stuff is a gigantic ultra-perv robbery network – study

IoT devices facilitate robbery, stalking and cybercrime. That's the downbeat conclusion of a new study by app security firm Veracode into the insecurity of connected devices.

Veracode reached its conclusion after looking into a variety of IoT kit, finding they are often designed without data security or privacy in mind.

The report found that the Ubi could enable cyber-criminals to know exactly when to expect a user is at home, based on when there is an increase in ambient noise or light in the room. This could facilitate a robbery, or even stalking in the case of a celebrity or a disgruntled partner.

Ubi develops a platform for voice and language interaction with the Internet of Things kit.

Veracode researchers also found that the microphone on a Wink Relay touchscreen controller could be turned on by cyber-criminals or spies to listen in on any conversations within earshot of the device. Lastly, vulnerabilities in a Chamberlain MyQ smartphone control system could create a means for thieves to be notified when a garage door is opened or closed, indicating a window of opportunity to rob the house.

With around 4.9 billion connected devices in use today and an estimated 25 billion expected by 2020, cybersecurity is becoming a major concern. The Federal Trade Commission has warned that cyber-attackers could potentially hijack and misuse sensitive information recorded by the technology or that the technology could even create physical safety risks for consumers.

A Russian website discovered last year streamed live footage from thousands of private webcams, CCTV systems and even baby monitors from around the globe.

Veracode researchers looked at six common at-home devices, including the Chamberlain MyQ Internet Gateway, the Chamberlain MyQ Garage, the SmartThings Hub, the Ubi, the Wink Hub, and the Wink Relay. Among the issues found were: open debugging interfaces that could allow remote attackers to run arbitrary code on a device itself, such as spyware; serious protocol weaknesses that could allow passive observers to access sensitive data; and lack of adherence to best practices to protect users’ accounts against weak passwords and common password-guessing techniques.

The results showed that all but one device exhibited various cyber-security vulnerabilities across a majority of the categories tested.

More information about the study's findings, methodology and recommendations can be found in Veracode's report here.

Vercode's findings match the result of an earlier HP study back in February that found password security, encryption, and authentication issues riddled IoT kit. ®