NEST Thermostat-BlackHat

Report: Princeton Finds Security Flaws In Range Of Internet Of Things Devices

NEST Thermostat-BlackHat
Researchers at Princeton found flaws in a number of IoT devices they tested, including smart hubs used in homes and businesses.

In-brief: researchers at Princeton researched the security of a wide range of connected devices – including smart hubs and a connected picture frame. They found lots to worry about. 

The folks over at Tech Times  and Engadget picked up on some work by researchers at Princeton University on the security of a wide range of connected devices. From Tech Times:

Researchers at the Center for Information Technology Policy looked at a number of IoT devices and how information is shared between them, basically seeing just how secure they actually are. Among those devices were the Belkin WeMo Switch, the Nest Thermostat, Sharx Security Camera, Ubi Smart Speaker, and more.

What they found is that some of these devices more or less transmit their data in the open for anyone to see. First of all, it was found that the Nest thermostats were leaking customer’s ZIP codes over the Internet. In other words, user location information, as well as coordinates of company weather stations, weren’t secure. Nest, thankfully, quickly patched the flaw when it was notified.

Other findings include lax security around the PixStar Digital Photo Frame – a “smart” picture frame. Among other sins, all traffic and feeds from the device were transmitted in clear text over HTTP port 80 and all actions were sent to the PixStar server in an HTTP GET packet that was found to contain sensitive information such as the user’s e-mail, user activity and DNS queries.

The researchers posted a summary of their findings here and also submitted it to the FTC for consideration. Source: Princeton Finds Security Flaws In Range Of Internet Of Things Devices -Tech Times