Loopholes Identified in Hubs Driving Smart Homes

By CIOReview | Wednesday, July 29, 2015

FREMONT, CA: People who assume their homes are safe havens may be mistaken, as a security firm has revealed flaws and vulnerabilities that come with smart homes. Tripwire, a security company, has found in its research that three well-known smart-home hubs contain a number of vulnerabilities that attackers can exploit. The firm believes that attackers can access the hubs through malicious applications.

Robert Lemos, writing for eWEEK, points out that Tripwire has detected vulnerabilities in smart-home control devices from SmartThings, Vera Control and Wink. The critical flaws could help attackers decode the smart-home controls and take charge of the hub. Tripwire's research shows that an attacker can gain root access and inject commands into the Wink Hub.

"One of the problems we have in the industry with low-cost embedded devices [is] any mistake can be a big mistake," says Craig Young, a security researcher on Tripwire's Vulnerability and Exposure Research Team. "You don't have the modern protection features of modern operating systems to protect the device and users."

The security firm says that the Wink Hub could be compromised through various SQL-injection vulnerabilities. Once an attacker gains control, they can send commands to other smart devices in the home and gain access to the wireless network.

As a precautionary measure, Tripwire suggests that users keep their devices updated with the latest firmware upgrades and connect the devices to a network separate from the computers that are regularly used to connect to the Internet.

According to Lemos, Tripwire is not providing details about the hub manufactured by Vera Control, as the company has not yet fixed the issues. However, the firm has said that two of the companies, Wink and SmartThings, have released patches for the issues.