Tripwire has analyzed three of the top-selling smart home systems on Amazon and uncovered zero-day flaws in each hub that allow hackers to take control of smart home functionalities.
Tripwire’s Vulnerability and Exposure Research Team (VERT) analyzed smart home hubs which are used to control lighting, heating, locks and cameras in people’s homes.
According to the results declared by Tripwire, hackers can identify when people are out of their home, change alarm settings and open locks without authorization.
Additionally, hackers can also take care of smart home functionalities by accessing local area networks and use smart hubs for DDoS purposes.
The report revealed, two out of the three vendors have patched these reported flaws while one vendor’s smart home system remains at risk.
Also, if left unpatched, some of the vulnerabilities revealed in VERT’s analysis could be exploited through malicious web pages or smartphone applications and execute commands with system level access.
The hacker can also turn off the heat on a freezing cold night. The devices can cause damage to a home in many cases and making it less secure.
“Smart home hubs that are vulnerable to remote code execution could allow attackers to migrate from a breached computer to the hub, effectively hiding themselves on the network,” said Tyler Reguly, manager of security research at Tripwire.