
Could your smart product be a security risk?

Written by: Emma Lunn
Shoppers have been warned to be cautious when shopping for cheap electronics after an investigation by Which? found hundreds of security and privacy-risk smart products for sale.

The consumer champion found more than 1,800 smart tech products available for sale, including smart doorbells, wireless cameras, alarms and tablets, on AliExpress, eBay and Amazon Marketplace. Many use apps with inadequate security protection and could leave users exposed to hackers or infringement of their data privacy.

Which? found it difficult to trace the firms behind these white-label products. Many are based in Shenzhen or Hangzhou – two major electronics markets in China – and in most cases offer few clear contact details that consumers could use to report problems and get vulnerabilities fixed.

Which? found 1,727 different products – including products that were unbranded, from little-known brands or clones of legitimate items – sold on online marketplaces and all operated via just four apps, Aiwit, CamHi, CloudEdge and Smart Life.

Working with security experts, 6point6 and NCC Group, Which? found that all these apps had potential security issues that could make them easy prey for hackers or put users’ privacy at risk.

Based on reported figures and available data, Which? believes that hundreds of thousands of these devices have been sold and could be in use in homes.

Password security

Password security was a widespread problem across the apps. By allowing weak default or user-generated passwords, these apps potentially put users at risk of hackers finding the exact location of their home and targeting other, more valuable smart devices linked to their home broadband network.

If exploited, it could even allow the hacker to view live footage on a smart doorbell or a wireless camera.

Privacy protection

As well as weak passwords, other issues uncovered included unencrypted data transfer and, in the case of Smart Life, a vague privacy policy requiring clarification.

While there are no laws currently mandating a certain level of security and privacy protection in smart products, some of the flaws Which? found would be made illegal under new legislation currently being planned by the UK government.

Contacting developers

Which?’s researchers were particularly concerned about how difficult it was to report vulnerabilities to the companies behind the apps. Apart from with Aiwit, Which? had to do extensive research to find the original app developer who could fix the problems it found.

Of the four apps, only Smart Life seemed to have a clear disclosure policy, and that was only after Which? eventually tracked down its actual developer, Tuya. The app listed a different developer with no web presence, which Which? found was a Tuya subsidiary.

Cloned products

A lot of the products Which? found were clones of legitimate products or even clones of already cloned products. The consumer champion combined its in-depth testing and knowledge of generic and clone smart products with a method called ‘web scraping’.

This involves taking key terms, such as the name of an app experts know is used by a lot of smart products, and then using machines to trawl the marketplaces for listings that mention this term.

Usually with smart tech, a company has a single app that it uses with its products and maintains accordingly. The difference with clone devices is that various products from different manufacturers and sellers will use the same app.

So, if that app has a vulnerability that is not fixed, all devices using it are also potentially vulnerable. Likewise, some apps have become so large that they are almost like operating systems. In that sense they could pose risks to consumers’ data privacy.

Established brands

Which? is warning consumers to be cautious when shopping for smart products due to potential security and privacy risks with lots of cloned or unbranded smart products.

Smart products by established brands tend to be more expensive – some cheap lookalikes can sell for around a third of the price of a Ring smart doorbell.

However, Which? believes that it’s not worth compromising your security or privacy by choosing a substandard product.

Kate Bevan, Which? Computing editor, said: “Our investigation has uncovered concerning security flaws with smart products that have flooded online marketplaces and could put consumers at risk this Black Friday.

“Which? is warning consumers to be cautious when shopping for connected tech products. Make sure you have researched the product you’re thinking of buying and choose one that doesn’t play fast and loose with security.”
