Smart plug users have been warned to be careful when using these very useful doodads, because they might become cybersecurity risks under certain circumstances.
According to a TechRadar report, any cheap smart plug has been found especially vulnerable to hacking. Should the hackers find an exploit, they can use the smart plug to gain access into anyone's home network.
With this, the risks of them taking anything of value digitally (sometimes even physically) are very high.
The information comes from a blog post by A&O IT, a group of cybersecurity experts who found out just how vulnerable a smart plug can be. They tested a couple of cheap smart plugs, namely the Ener-J WiFi and the Sonoff S26, both of which are freely available online in sites like Amazon.
Their tests revealed that with the right software, any hacker can gain access to a user's network and launch a myriad of cyberattacks.
For instance, a specific type of program A&O used enabled them to get a network's SSID and PSK. Once the credentials came in, the entire network was exposed. From there, literally anything connected to the smart plug can be accessed.
So, if you just installed a cheap smart plug in an attempt to automate your home, you should replace that with something better. Barring that, you risk falling victim to an attack that might result in your private data being stolen and sold on the web, just like what these Chinese hackers did.
Read also: How to Check if My Facebook Data Have Been Hacked [2021]: 533 Million Accounts Compromised
Smart Plug Hacking: Not A New Thing
If you think that hacking cheap smart plugs is a relatively new endeavor, you're flat out wrong because cybersecurity vulnerabilities concerning these gadgets have already existed for a while.
A Aot of cybersecurity sites have been pointing this out back in 2018, for instance.
Among these is the site named HelpNetSecurity, which revealed a fatal security flaw in a smart plug model from the company Belkin. The flaw, which they called a "buffer overflow," made it vulnerable to hacking by allowing attackers to bypass security using a specially crafted HTTP post packet.
That's just one of them. Last year, the site TechAdvisor also drew attention to a similar flaw in TP Link's Kasa smart plug.
Any hacker with enough skill can actually "take control" of the plug and switch to any connected appliance. This was mainly due to TP Link itself not encrypting user email addresses that are required to set the plug up.
A lack of encryption can enable hackers to use the email address for phishing scams, not unlike the Facebook tagging incident that millions of users fell victim to last month.
Be Vigilant
Smart plugs are amazing pieces of technology in this age of home automation. On their own, they're not much of a threat. But if you have multiple devices connected to them (i.e. your smartphone or computer), then the danger level increases.
To keep yourself safe, make sure that you only buy from a reputable brand.
This article is owned by Tech Times
Written by RJ Pierce