Security Roundup: The four commonly used IoT devices vulnerable to privacy theft

This week we look at Bitdefender’s IoT vulnerability discovery, why device design is important when it come to security, and more.

Today is World Backup Day. And as the independent initiative puts it: “It’s not only a day for backing up your personal data, but it’s also a day to talk about the enormous task of preserving our increasingly digital heritage and cultural works for future generations.”

So as you plan out where you’re going to store your extra copy of all your most important files, have a read of the latest security news

Four commonly used IoT devices vulnerable to privacy theft
A technical investigation by Bitdefender has discovered that four commonly used Internet of Things (IoT) consumer devices are vulnerable to cyber attack. The analysis reveals that current authentication mechanisms of many internet-connected devices can easily be bypassed to expose smart households and their inhabitants to privacy theft.

The Bitdefender Labs researchers choose devices that were both popular and affordable in order to understand the security stance of each device. The team analysed the way each device connects to the internet and to the cloud, as well as the communication between the device and its corresponding mobile application. Three of the four IoT devices in question are currently still at risk, whereas one has been partially resolved:

– LIFX Bulb: a smart LED bulb that connects to a Wi-Fi network and allows users to control house lighting via a smartphone app. An attacker is able to switch the device on and off five times to reset the device and create a new hotspot. As a result, victims will be connected to an attacker’s fake hotspot and leak the username and password of their Wi-Fi network, allowing further penetration.

– MUZO Cobblestone audio receiver: a Wi-Fi audio receiver that can be connected to home routers to allow music streaming from multiple sources. The device comes embedded with a Telnet service that allows users to access the device remotely. Bitdefender researchers attempted basic password brute-forcing and observed that the initial credentials were set to admin/admin.

– LinkHub: a smart adapter and two bulbs that allow users to remotely manage household lighting. A lack of transport encryption means data is sent in plain text, allowing attackers to obtain the username and password of a Wi-Fi network.

– WeMo switch: a Wi-Fi enabled device that can turn plugged-in electronic devices on or off remotely, and includes scheduling and IFTTT (If This Then That) automation capabilities. The device is vulnerable to weak access point authentication and may leave users’ Wi-Fi credentials vulnerable.

Check out Bitdefender’s How To Hack A Connected Home infographic at the bottom of this article.

IT decision makers concerned about device security and design
New research has revealed that while a quarter of organisations across Europe claim to have suffered from a device security breach in the last 12 months, less than a third (32 per cent) are completely confident in the level of security offered by their current devices.

The HP commissioned study, conducted by Redshift Research, asked 1,016 IT decision makers across seven European countries about device use in their organisations. The results show there is widespread anxiety about their current technology, with 90 per cent of IT decision makers concerned in particular about device security.

However, while IT decision makers highlight the importance of device security, they acknowledge that design is also an important point of consideration, promoting flexible working and contributing to a sense of job satisfaction amongst employees.

In other news:
– F-Secure has announced a major new release of its flagship endpoint security solution Protection Service for Business. The release includes new web security features plus a redesigned management portal that’s much more efficient for administrators.
Photographers around Europe are losing the images they capture and other irreplaceable data because they fail to adequately back up their memory cards, computers, tablets and smartphones, according to new research by Verbatim.

Find out more about World Backup Day at

Check Also

Kinly promotes Chico Dominguez to VP of US Service and Support

Kinly has promoted Chico Dominguez to vice president of US service and support. In this …