Security Tip From Forest: In reading this article, which is pretty advanced for the most of us, the most important thing to remember is: Set Up A Strong Password for every smart device you use. Who would think someone could hack into an electrical socket and steal email information??
Smart Electrical Socket Could Be Exploited to Hack Email
A vulnerability in a popular brand of smart electrical sockets has been found that could allow hackers to spread malicious software to connected devices.
By Rodney Bosch · August 19, 2016
BUCHAREST, Romania— A smart electrical socket that could allow a hacker to turn power outlets into botnets, read your email, and even set your house on fire if you connect an appliance that could overheat? Those nightmarish scenarios are all possible, according to security researchers.
Researchers at cybersecurity software firm Bitdefender, based here, have identified a vulnerability in an undisclosed popular brand of smart electrical socket they say could be hijacked by an attacker, reports motherboard.vice.com.
The vulnerable socket plugs into a regular one, and allows users to schedule the activity of any dumb electronic device, with the help of a smartphone. The app is available for both iOS and Android platforms, and there have been over 10,000 downloads from Google Play alone, according to the article. Bitdefender contacted the smart socket vendor, which has said they will release a fix during Q3 2016.
Among the most destructive actions someone could perform is to wipe the existing software on the socket and to replace it with malicious one, researchers said.
“Up until now most IoT vulnerabilities could be exploited only in the proximity of the smart home they were serving, however, this flaw allows hackers to control devices over the Internet,” Alexandru Balan, chief security researcher at Bitdefender, told Motherboard. “This is a serious vulnerability, we could see botnets made up of these power outlets.”
Researchers who analyzed the power outlet have found several security issues, including a weak username and password combination that users are not alerted to change. Experts have also noticed that, during configuration, the app sends WiFi credentials in clear text over the network.