Experts believe cheap smart plugs are a big cybersecurity flaw that could be quickly used by hackers to gain access to a person’s devices or even house.
A&O IT Group outlined its security review of two inexpensive and readily accessible smart plugs, the Sonoff S26 and the Ener-J WiFi, in a blog post.
These smart plugs, which can be purchased for as little as $10 on Amazon, eBay, and Aliexpress, can be used to steal login credentials for the target’s Wi-Fi network. Due to the fact that these devices communicate with the router via port 80, sending unencrypted HTTP traffic, as well as weak factory passwords, this was possible.
If the attackers have the target network’s Wi-Fi keys, they can link to it and do whatever they want, like receiving video and audio from smartphones, manipulating compromised smart devices, downloading confidential data, and even tracking traffic from other devices.
They could also use the Wi-Fi to download illegal material from the internet, or launch attacks on other users’ devices, with virtually no chance of being caught.
A&O IT Group says it has notified both Sonoff and Ener-J of the discovered vulnerabilities but is yet to hear back from either manufacturer.
How To Prevent?
To mitigate the issue, experts from CNX Software, are saying, the quickest way is to set up a guest SSID for the IoT gadgets, so that other important devices don’t share the same network.
Use secured smart Plugs