Slashdot Mirror

← Back to Stories (view on slashdot.org)

IoT Home Alarm System Can Be Easily Hacked and Spoofed (cybergibbons.com)

Posted by Soulskill on from the alarming-alarms dept.

An anonymous reader writes: In the never-ending series of hackable, improperly protected IoT devices, today we hear about an IoT smart home alarm system that works over IP. Made by RSI Videofied, the W Panel features no encryption, no integrity protection, no sequence numbers for packets, and a predictable authentication system. Security researchers who investigated the devices say, "The RSI Videofied system has a level of security that is worthless. It looks like they tried something and used a common algorithm – AES – but messed it up so badly that they may as well have stuck with plaintext."

3 of 123 comments (clear)

  1. I'm not surprised by TWX · · Score: 4, Insightful

    I've worked with security companies that do lower-end security before. They've e-mailed usernames and passwords to me across the Internet.

    There's no licensing or aptitude testing necessary to operate a security company. Anyone can form a business and call it a security business, and often people that have no technical background will do it because there's a market to be served, even if they should not be the ones serving it.

    --
    Do not look into laser with remaining eye.
  2. The IoT of now and the future. by geekmux · · Score: 3, Insightful

    This just goes to show you that even with a security-centric product like an alarm system, even basic security features cannot seem to be prioritized over cost or first to market.

    Expect thousands more shitty products that lack even the most basic security to hit the IoT market before consumers pull their head out of their a...ah, what the hell am I thinking? Consumers have never given a shit about security or privacy.

    It's the very reason shitty IoT is thriving.

  3. Levels of Security by holophrastic · · Score: 1, Insightful

    I'm quite tired of the hi-tech this-security-is-hackable discussion. Of course it's hackable. Everything is. That this product doesn't require ethan hunt just makes it worthless for bank vaults.

    I highly doubt that this product is being sold as a replacement for secure systems. It's being sold as a supplement to, wait for it, a lock and key.

    It's better than the fake camera with the blinky light.

    This isn't slashdot-worthy news. There are lesser products out there. That's never news.