VB2016 preview: Smart Outlets. Why We Need Responsible Disclosure!

Posted by   Martijn Grooten on   Sep 9, 2016

If you are wondering whether you really live in the future: we need to be concerned about the security of Internet-connected power outlets.

Such devices are the subject of a VB2016 paper by four researchers from Bitdefender in Romania: George Cabău, Radu Basaraba, Dragoș Gavriluț and Ciprian Oprișa. While the devices may not appear to offer a lot of possibilities for those with malicious intentions, the fact that they can turn any device whose power is controlled by them into a "smart device" means that their security should concern us.

Unfortunately, security didn't appear to have been a concern for the developers of these devices as, when looking at four "smart" outlets, the researchers found issues with all of them, including two that could be hacked remotely. Worse, when the manufacturers were contacted, they didn't show much interest in fixing the issues, or answering the researchers' calls.

The researchers will discuss these issues, some of which are embarrassingly simple, on Friday 7 October at VB2016.

smartoutletdiagram.png

VB2016 starts in four weeks' time and registration is still open. For more on IoT security, there is the presentation Mobile Applications: a Backdoor into Internet of Things? by Fortinet researcher Axelle Apvrille, which we previewed last week.

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

VB2018 call for papers now open!

Have you analysed a new online threat? Do you know a new way to defend against such threats? Are you tasked with securing systems and fending off attacks? The call for papers for VB2018 is now open and we want to hear from you!

Book review: Serious Cryptography

VB Editor Martijn Grooten recommends Jean-Philippe Aumasson's 'Serious Cryptography' as a very solid but practically focused introduction to cryptography.

Necurs pump-and-dump spam campaign pushes obscure cryptocurrency

A Necurs pump-and-dump spam campaign pushing the lesser known Swisscoin botnet is mostly background noise for the Internet.

Alleged author of creepy FruitFly macOS malware arrested

A 28-year old man from Ohio has been arrested on suspicion of having created the mysterious FruitFly malware that targeted macOS and used it to spy on its victims.

The threat and security product landscape in 2017

At the start of the new year, Virus Bulletin looks back at the threats seen in the 2017 and at the security products that are available to help mitigate them.