As the Internet of Things (IoT) has grown in popularity, with consumers adding more devices to build out their smart homes, new research has revealed that vulnerable companion apps are putting users at risk.

To better gauge the security of IoT devices, researchers from Brazil's Federal University of Pernambuco and the University of Michigan examined 32 apps used to configure and control the 96 best-selling Wi-Fi and Bluetooth-enabled devices on Amazon.

IoT app developers need to secure three things: the app itself, its connection to the cloud proxies used during initial setup, and the local wireless connection and authentication between the app and each device. The researchers therefore began by inferring potential weaknesses in each of these areas through heuristic analysis of every app.

The researchers found that 31 percent of the apps (corresponding to 37 of the 96 devices) had no encryption at all, while another 19 percent relied on hard-coded encryption keys that an attacker could extract by reverse engineering the app.
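Hard-coded keys are usually found exactly that way: the app is decompiled, its strings are dumped, and constants the size of a symmetric key are pulled out. The script below is an added example of such a check, not the researchers' tooling and not code from any of the apps studied. It scans a constructed strings dump (every line in it is made up) for constants that decode to 16, 24 or 32 bytes, the AES key sizes, whether given as hex, base64 or a raw ASCII string, and uses Shannon entropy so that filler such as a run of identical characters is not reported.

```python
"""Heuristic scan of strings dumped from a decompiled mobile app for
hard-coded symmetric key material.

Added example: flags tokens shaped like 16/24/32-byte AES keys given as
hex, base64 or a raw ASCII string, using length plus Shannon entropy so
that low-variety filler ('aaaa...') is not reported.
"""
import base64
import binascii
import math
import re
from collections import Counter

# Constructed sample of what `strings` on a decompiled app's classes or
# resources might emit. Every line is invented for this example.
SAMPLE_STRINGS = """\
com.example.smartplug.net.CloudClient
https://api.example-cloud.invalid/v1/pair
AES/CBC/PKCS5Padding
0123456789abcdef0123456789abcdef
zvJ7Qp2xYl5nB9kTq3WcRd8Eh1GsUf0m
AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=
Lorem ipsum dolor sit amet consectetur
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
"""

KEY_LENGTHS = {16, 24, 32}  # AES-128/192/256 key sizes in bytes
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{16,}")
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
ALNUM_RE = re.compile(r"^[A-Za-z0-9]+$")


def shannon_entropy(data) -> float:
    """Bits of entropy per symbol over a str or bytes value."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify(token: str):
    """Return (kind, key_bytes) if the token looks like a hard-coded key, else None."""
    # 1. Hex-encoded key: 32/48/64 hex digits with real variety in the digits.
    if HEX_RE.match(token) and len(token) % 2 == 0 and len(token) // 2 in KEY_LENGTHS:
        if shannon_entropy(token) >= 3.0:
            return ("hex", len(token) // 2)
    # 2. Raw ASCII key or passphrase of exactly a key length, mixed enough to be random.
    if ALNUM_RE.match(token) and len(token) in KEY_LENGTHS:
        if shannon_entropy(token) >= 4.0:
            return ("ascii", len(token))
    # 3. Base64 blob that decodes to exactly a key length of high-entropy bytes.
    if B64_RE.match(token) and len(token) % 4 == 0 and len(token) >= 24:
        try:
            raw = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            return None
        if len(raw) in KEY_LENGTHS and shannon_entropy(raw) >= 3.5:
            return ("base64", len(raw))
    return None


def scan(text: str):
    """Scan a strings dump; return [(line_no, kind, key_bytes, token), ...]."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for token in TOKEN_RE.findall(line):
            result = classify(token)
            if result:
                hits.append((line_no, result[0], result[1], token))
    return hits


if __name__ == "__main__":
    for line_no, kind, size, token in scan(SAMPLE_STRINGS):
        print(f"line {line_no}: {kind} candidate, {size}-byte key: {token}")
```

Run against the constructed dump it reports the hex constant on line 4, the 32-character ASCII string on line 5 and the base64 blob on line 6, and ignores the cipher-mode name, the URL and the run of "a"s. A hit is only a candidate; the practitioner still has to trace where the constant is used in the decompiled code to confirm it is fed to a cipher.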

Insecure apps

To back up their findings, the researchers went on to develop proof-of-concept attacks against four of the apps: TP-Link's Kasa, LIFX's smart light app, Belkin's WeMo and Broadlink's e-Control.

Three of the four apps used no encryption whatsoever, and three sent their commands as broadcast messages, which any host on the same local network receives, giving an attacker a way to monitor the app-to-device communication and look for vulnerabilities.

In their report, the researchers summed up the findings:

“Based on our in-depth analysis of four of the apps, we found that leveraging these weaknesses to create actual exploits is not challenging. A remote attacker simply has to find a way of getting the exploit either on the user’s smartphone in the form of an unprivileged app or a script on the local network.”

While many IoT apps still have a long way to go in securing their devices, the researchers singled out Google's Nest thermostat app as an example of how it should be done: its entire configuration process is protected either by SSL/TLS to the cloud or by WPA on the local Wi-Fi link.

Via Naked Security