Or in this case, don’t put it in there in the first place. Good all-round advice for life there. The type of plug to which I am referring, however, is the smart plug. And this week I happened across a very interesting blog post from a Richard Hughes of A&O IT Group on this very topic.
Now what is interesting about Richard is he is not only head of technical cybersecurity, but he is also an ethical hacker. I’m sure there are plenty more interesting things about Mr Hughes, but unfortunately, I do not know the man personally, so for our purposes today, this is what is interesting. My apologies, Richard.
Richard has taken the liberty of delving into the vulnerabilities of two different ‘smart plugs’ available for purchase, right now, in the UK for just over a tenner. For clarity, since there are so many ‘smart’ gadgets around at the moment: smart plugs essentially act like a power-point adapter.
They fit between your power socket and the appliance you want to plug in. At their most basic level, they simply turn things on and off, but when connected to a smart home platform, smart plugs become a lot handier. They are considered ‘smart’ because they let you control your appliances from an app on your phone from anywhere. Seems great in theory.
But Richard quickly discovered simple (but potentially devastating) security errors. For example, passwords made publicly available in user guides, unencrypted traffic between the smart plug and the mobile device that controls it, as well as easy-to-capture Wi-Fi credentials.
Additionally, Richard managed to upload malicious firmware to the devices, something that costs less than £5 to do and provides exact locations of the smart plugs as well as allowing cyber criminals to launch cyber-attacks from users’ Wi-Fi networks without being caught. Yikes.
And I’m sure we’re all dying to know which smart plugs were tested, so in the name of public safety, the ones you want to avoid are the Sonoff S26 and the Ener-J Wi-Fi, which are currently being sold on popular sites such as eBay, AliExpress and Amazon. That said, I’m sure there are many others out there with similar (if not the same) issues.
Considering the concept of the ‘smart home’ is probably only just now growing in popularity with your regular Joe Public, these discoveries are pretty damn worrying. Not everyone can afford solar panels and interconnected smart heating or lighting. But by the same token, people don’t want to feel left out, and of course want to make their lives easier too.
Devices such as these ‘smart’ plugs, as far as the consumer is concerned, are an ideal way to bridge the gap between the basic benefits of a smart home and a full-on financial investment. Unfortunately, the cybersecurity of your average person doesn’t matter all that much to these companies, and even more unfortunately, cybersecurity probably won’t even enter the minds of many of these consumers.
People need to start being schooled on cybersecurity, just as they would be on physical security. In an ideal world, we should be able to trust companies such as Amazon to be vetting the products they host, but unfortunately, the big players just don’t care. In order to stay safe, we’re simply going to have to get savvier.
This editorial originally appeared in the Data Centre Review Newsletter May 21, 2021.