Inexpensive intelligent connectors are a big threat to cybersecurity and can effectively be used by cybercriminals to hack anyone’s device or even gain entry to their residences, experts say.
Usually, modern Internet-based devices can send data (using HTTPS) with stronger passwords and follow the appropriate safety practices using encrypted channels. Techradar reports that Sonoff and Ener-J smart plugs worked the opposite and that a large security issue was ready to be exploited.
The security firm A&O IT Group documented its security analyses of two smart plugs, Sonoff S26 and Ener-J Wi-Fi, that are cheap and easily available at large.
These smart connectors, which the customers will be able to purchase for just 10 dollars on Amazon, eBay, and AliExpress, can also be used to gain access to the Wi-Fi network of the targets by the hackers. This is because the router is communicated through port 80 via these devices, as well as because they have failed factory credentials, to send unencrypted HTTP traffic.
As soon as the attackers get Wi-Fi passwords, they can log in to the target network and do all sorts of activities from it: video and audio received from porters, insecure smart devices being regulated, confidential data downloaded, or even traffic monitoring from many other devices.
They may also use Wi-Fi to download illicit information from the internet or undertake attacks on computers of other users that have little risk of getting caught.
This is particularly important if the victim has items such as smart door locks, or video surveillance on the very same network. In this case, an intruder already knows how long the citizens are out and may even break into the property.
The A&O IT Group says it has both reported vulnerabilities to Sonoff and Ener-J, but it has yet to receive any company's reports.
To mitigate this issue, expertise from CNX Software suggests the fastest way is to set up a Guest SSID for IoT devices to prevent the sharing of the same network by other important devices.
The most recent report on users of Eufy safety cameras that were later fixed in security feeds and the smart plug vulnerabilities that remind users that network security rests on the safety of all connected devices — something that users must remember when having smart doors, smart cameras, or other sensitive devices when using the same network.