New vulnerabilities discovered in popular off-the-shelf IoT devices

The State of IoT Security, a new report by Dark Cubed and Pepper IoT, reveals certain cybersecurity vulnerabilities and privacy concerns present in popular off-the-shelf devices. One of the most illustrative examples is a smart bulb product that conveys personal information to a third-party company in China.

The researchers examined 12 devices from the following manufacturers:

– Zmodo

– Guardzilla

– Merkury

– Vivitar

– Wyze

– Momentum

– Oco

– iHome

You can get these devices from popular retailers such as Amazon, Walmart and Best Buy.

The problems with them come down to failing to include certificate validations, unprotected data transmission and data encryption that is not present in any form. A Merkury smart lightbulb, for example, only has one function: an on/off switch. Yet still, you’re asked to install a smartphone app that records audio, accesses your phone’s storage and tracks location data, which is hardly justified in this particular case.

Since there is valid suspicion that China is spying on the US, the report advises purchasing smart devices that transmit data to trusted and regulated companies in the US. Another recommendation is that customers should focus on the security aspect of the entire platform, not merely the device’s security. For instance, if the platform in question is managed by China, your privacy might not be taken for granted.

According to Pepper, it’s not just the manufacturers that should take an in-depth look at the security of IoT devices, but the retailers as well.