This article is more than 1 year old
Three home security systems found to be vulnerable – if hackers were hiding in bushes
Pointblank weaknesses have since been patched
Three home security systems were riddled with bugs, according to new research made public this week.
Rapid7 found 10 vulnerabilities after putting Comcast XFINITY, ADT, and AT&T Digital Life systems through their paces. The issues range from a "fail open" condition on the external door and window sensors, to weak, pre-shared Wi-Fi access passwords on to cleartext (unencrypted) network communications. It's a not unfamiliar list given the lamentable state of IoT security more generally.
Potential hackers would need to be physically close to their target to attempt to abuse any of these vulnerabilities, according to Rapid7. Remote hacks over the internet would not be possible but with proximity all manner of mischief is possible.
"Exploitation of the identified vulnerabilities could have allowed an attacker to compromise homeowners' security cameras, disarm door sensors, gain router access to implant malicious firmware and redirect DNS traffic to an alternate server, potentially controlled by the attacker," Rapid7 reported.
The cybersecurity firm has been in touch with all three vendors over the last few months. All of the identified issues have been either "resolved or sufficiently mitigated against" so that they no longer posed a threat to consumers before Rapid7 went public with its research on Wednesday.
These latest home IoT insecurity findings parallel those of Tripwire, which found a spookily similar set of flaws after analysing the security of home hubs two years ago. ®