Although these so-called Internet of Things gadgets are small and rather dumb, they’re still full-fledged networked computers for all intents and purposes. You may not need to do much, but you still need to take many of the same basic precautions to prevent them from, say, broadcasting your private information unencrypted to the world, or granting root access to anyone walking by.
In the case of these low-cost “smart” bulbs investigated by Limited Results (via Hack a Day), the issue isn’t what they do while connected but what they keep onboard their tiny brains, and how.
All the bulbs they tested proved to have no real security at all protecting the information kept on the chips inside. […]
The data was without exception totally unencrypted, including the wireless password to the network to which the device had been connected. […]
“Seriously, 90 percent of IoT devices are developed without security in mind. It is just a disaster,” wrote Limited Results in an email. “In my research, I have targeted four different devices: LIFX, XIAOMI, TUYA and WIZ […]
Same devices, same vulnerabilities […]
What’s important to note is the utter lack of care that went into these devices — not just their code, but their construction. They really are just basic enclosures around an off-the-shelf wireless board, with no consideration given to safety, security or longevity. And this type of thing is not by any means limited to smart bulbs. […]