Security researchers discovered a couple of flaws in Belkin home devices and discussed them during last Friday’s Black Hat Europe conference. These were SQL injection and XSS vulnerabilities, the same ones we discussed last class. The SQL injection vulnerability ultimately led to root access being compromised for these devices. The XSS vulnerability allowed personal information, such as pictures of GPS locations, to be sent to a remote server. These issues are very concerning. As people start to connect their homes with these devices, this can be a serious safety issue. Belkin has since released firmware updates to fix these vulnerabilities, but there needs to be more done in order to mitigate this. There is a lot more information in the article; definitely check it out.
Article: http://www.csoonline.com/article/3138935/security/sqli-xss-zero-days-expose-belkin-iot-devices-android-smartphones.html
Jason A Lindsley says
Interesting article, Ahmed. It amazes me that anyone on the network could gain control of these IoT devices. Authentication should have been a core requirement in the preliminary design and architecture of the system. What is even more concerning is that these are well-known brands. I’m glad they have addressed these flaws through firmware patches, but I’m glad I don’t own any of these devices.