Advertisement

Princeton researchers find security flaws in IoT devices

Nest thermostats were leaking zip codes on the internet, for example.

One of the main concerns about the so-called Internet of Things is security, and the recent findings of researchers at Princeton won't help ease the anxiety. Researchers at the university's Center for Information Technology Policy (CITP) took a close look at how information is transmitted between the connected devices in your home and the cloud to gauge just how secure they really are. The list of devices researched included the Belkin WeMo Switch, Nest Thermostat, Ubi Smart Speaker, Sharx Security Camera, PixStar Digital Photoframe and a SmartThings Hub. As it turns out, a few gadgets the group examined sent information out in the open.

First, the group found that Nest thermostats were leaking customer zip codes over the internet out in the open. In other words, general user location information and the coordinates of the company's weather stations were not being locked down whatsoever. Thankfully, Nest quickly patched the flaw when CITP notified them of the issue. Of course, the thermostats also recently hit a software snag that sent them offline for a number of customers.

The group also discovered that the Sharx security camera beamed footage over an unencrypted FTP, making it accessible to any prying eyes. What's more, all traffic to the PixStar digital photo frame was unencrypted, so all of a user's activity with the device was there for the taking. On the whole, CITP researchers say that "many devices" don't encrypt "at least some" of the details that they transmit over the internet, but encryption may not be enough. The group explains that even if the info being beamed back and forth is locked down, there still may be a way for hackers to tell if one of the gadgets is in your home.

[Image credit: Ann Hermes/The Christian Science Monitor via Getty Images]