A flaw in a smart plug would allow hackers to run remote code, which would put homes and businesses at risk
Smart plugs are electrical outlets connected to a WiFi network that provide users with the ability to turn on and off lights and other devices remotely, as well as an online monitoring features. But the Wemo Insight Smart Plug, produced by Belkin, includes an unreported buffer overflow in the libUPnPHndlr.so library, which is known as a CVE-2018-6692 vulnerability.
While the smart plug itself may not be very useful for attackers, like other Internet of things devices (IoT), if connected with others, the threat level increases. The smart plug could act as an entry point to the network to launch other attacks, say cyber security organization specialists.
Cyber security organization experts responsible for reporting this vulnerability also made sure that the attack can be done in different ways, so despite not being a serious vulnerability, they are concerned that there are so many possible attack vectors.
The discovery of this vulnerability emphasizes the importance of manufacturers using secure coding practices in the development of their network-connected devices, said the cyber security organization specialists in charge of publishing the vulnerability. If these unsafe smart plugs had been used in conference rooms or offices, they could have meant a major problem for the companies that used them.
“IoT devices are often overlooked from a cyber security organization perspective, this may be due to many being used for seemingly harmless purposes, such as home automation”, said the vulnerability report. “However, these devices work with operating systems and require as much protection as a desktop computer. Such vulnerability could become the point of support an attacker needs to enter and completely jeopardize a business network”.
For cyber security organization experts from the International Institute of Cyber Security this event also serves as a reminder to make due diligence when it comes to buying safe IoT devices and to adequately secure those devices, with secure passwords and other security measures after buying them to keep domestic and enterprise networks safe.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.