Yes, Even Smart Plugs Can Help Steal Passwords

Technology can be amazing. It's easy to get excited about the idea of having conveniences that were unthinkable a couple of decades ago, including all the fancy gadgetry of a smart home. However, every single device in your smart home can be a potential point of entry for bad actors and it turns out smart plugs are no exception to that rule.

A consumer investigation conducted in 2020 found that a number of smart electric plugs sold by various retailers can expose personal data to bad actors or even be a fire hazard if misused.

The investigation discovered a significant issue with setting up a user Wi-Fi password for the smart plugs - the password was not encrypted in any way and was wide open for potential attacks. Tests were run on 10 different types of smart plugs and over a dozen vulnerabilities surfaced as a result. The researchers rated three of the vulnerabilities as "critical".

Password Security Issues Are Present in Many IoT Devices

One plug has a fault that could lead to a fire or even a small explosion. The critical vulnerabilities discovered could allow hackers to grab the unencrypted Wi-Fi network password and gain access not just to the plug in question but to other devices connected to the same smart home hub, including optical devices such as cameras. It's very easy to imagine that burglars would love to be able to see through your home security cameras and monitor when you leave your home.

The issues discovered with the smart plugs underline not just the dangers of having a lot of potentially hackable smart devices in your home but also the need for state-level legislation that can establish some sort of security guidelines and requirements for similar technologies. A lot of the plugs tested used default passwords - admittedly an issue that is found in an awful lot of IoT devices and not just those specific plugs. The plug packaging also rarely included contact information that users could use to report any issues with the devices.

The default passwords, lack of encryption and overall poor security is not an issue that is exclusive to the smart plugs that were the subject of the investigation. Every Internet-enabled device that people install in their homes gives another potential attack vector for cybercriminals. This is especially true of IoT devices such as cameras and smart appliances that buyers usually don't see as a potential entry point for hackers because they only associate their computer and smartphone with the notion of hacking.

October 5, 2020