Cheap smart plugs pose a serious cybersecurity threat and can be easily exploited by criminals to hack into home networks and devices.
Specialists of information security company A & O IT Group conducted an analysis of two cheap and widely available “smart” sockets – Sonoff S26 and Ener-J WiFi.
Easily purchased from Amazon, eBay, and Aliexpress for as little as $ 10, these devices can be used to steal Wi-Fi credentials. The issue is related to devices communicating with the router on port 80 by sending unencrypted HTTP traffic, as well as the presence of weak factory passwords.
With Wi-Fi credentials, attackers can connect to a home network and perform all sorts of malicious activities, from stealing video and audio data from laptops to controlling vulnerable IoT devices or even monitoring traffic from other devices. Wi-Fi can be used to download illegal content from the Internet or to attack other users’ devices.
If the house has smart door locks or CCTV cameras on the same network, an attacker is able to know when residents are at home.
A&O IT Group specialists informed Sonoff and Ener-J of the discovered vulnerabilities, but so far they have not received a response from any manufacturer.
Catch up on more articles here
Follow us on Twitter here