Vulnerabilities in smart electric plugs give attackers a staging point for scanning and attacking your whole network

If an attacker takes control of a device inside your network — by exploiting a defect in it or a mistake you made in configuring it or by tricking you somehow — then they can do all kinds of bad things, like scanning your local network for other vulnerable devices, attacking them and taking control over them.


So, in a very real sense, security researchers can claim "A defect in $SOME_DEVICE allows attackers to take over $ANOTHER_DEVICE," and the latest version of this is that defects in your smart electric outlet are a stepping-stone to attacking your smart TV.

McAfee recently disclosed a defect in Belkin's Wemo Insight, an Internet of Things/smart electrical outlet.

McAfee's research points out that this could be use to attack your smart TV, though they admit this is just a colorful illustration (indeed, a defect in your smart TV could be used to attack your smart plug).


The bug underscores the primary risk posed by IoT devices and connected appliances. Because they are commonly built by bolting on network connectivity to existing appliances, many IoT devices have little in the way of built-in network security.

Even when security measures are added to the devices, the third-party hardware used to make the appliances "smart" can itself contain security flaws or bad configurations that leave the device vulnerable.

"IoT devices are frequently overlooked from a security perspective; this may be because many are used for seemingly innocuous purposes such as simple home automation," the McAfee researchers wrote.


Security MadLibs: Your IoT electrical outlet can now pwn your smart TV [Shaun Nichols/The Register]


(via Naked Capitalism)