Latest in Gear

Image credit:

Princeton researchers find security flaws in IoT devices

Nest thermostats were leaking zip codes on the internet, for example.
Billy Steele
January 21, 2016
Share
Tweet
Share

Sponsored Links

One of the main concerns about the so-called Internet of Things is security, and the recent findings of researchers at Princeton won't help ease the anxiety. Researchers at the university's Center for Information Technology Policy (CITP) took a close look at how information is transmitted between the connected devices in your home and the cloud to gauge just how secure they really are. The list of devices researched included the Belkin WeMo Switch, Nest Thermostat, Ubi Smart Speaker, Sharx Security Camera, PixStar Digital Photoframe and a SmartThings Hub. As it turns out, a few gadgets the group examined sent information out in the open.

First, the group found that Nest thermostats were leaking customer zip codes over the internet out in the open. In other words, general user location information and the coordinates of the company's weather stations were not being locked down whatsoever. Thankfully, Nest quickly patched the flaw when CITP notified them of the issue. Of course, the thermostats also recently hit a software snag that sent them offline for a number of customers.

The group also discovered that the Sharx security camera beamed footage over an unencrypted FTP, making it accessible to any prying eyes. What's more, all traffic to the PixStar digital photo frame was unencrypted, so all of a user's activity with the device was there for the taking. On the whole, CITP researchers say that "many devices" don't encrypt "at least some" of the details that they transmit over the internet, but encryption may not be enough. The group explains that even if the info being beamed back and forth is locked down, there still may be a way for hackers to tell if one of the gadgets is in your home.

[Image credit: Ann Hermes/The Christian Science Monitor via Getty Images]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
Xiaomi unveils a ridiculous see-through TV

Xiaomi unveils a ridiculous see-through TV

View
‘Red Dead Online’ is so broken it’s hilarious

‘Red Dead Online’ is so broken it’s hilarious

View
Will QLC SSDs make hard drives extinct?

Will QLC SSDs make hard drives extinct?

View
Microsoft's Xbox Series X arrives in November

Microsoft's Xbox Series X arrives in November

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr