Connect with us

Technology

Smart plugs open to hackers and can start fires, Which? says 

Published

on

smart plugs open to hackers and can start fires which says

Smart plugs risk exposing sensitive data to hackers or creating a serious fire risk in the home, an investigation by consumer champions Which? has found.

Internet-connected ‘smart’ plugs let users turn standard appliances on and off remotely via an app on their smartphone. 

But smart plug makers like TP-Link, Hive and Hictkon all have products open to vulnerabilities making them liable to hazards, and are on sale through retailers including Amazon Marketplace and eBay

One plug made by Hictkon is so dangerous that it ‘should not be sold’ due to the fire risk it presents to people in the home, according to Which?. 

Online retailers should take more responsibility for the safety and security of the products sold on their sites even if the seller is a third-party, Which? says, adding that government intervention is needed. 

Which? experts suspect the Hictkon Smart Plug (pictured) came with a fake CE safety marking and is 'so dangerous that it should not be sold'

Which? experts suspect the Hictkon Smart Plug (pictured) came with a fake CE safety marking and is 'so dangerous that it should not be sold'

Which? experts suspect the Hictkon Smart Plug (pictured) came with a fake CE safety marking and is ‘so dangerous that it should not be sold’.

‘Connected devices like smart plugs bring potential benefits and convenience to our lives, but also significant risks if they are poorly made and sold without any safety checks or monitoring,’ said Kate Bevan, computing editor at Which?. 

‘Government legislation to tackle unsecure products should be introduced without delay and must be backed by an enforcement body with teeth that is able to crack down on these devices.

‘Online marketplaces should also be given more legal responsibility for preventing unsafe products from being sold on their sites.

‘In the meantime, online marketplaces, retailers and manufacturers must be far more proactive in preventing devices with security issues ending up in people’s homes.’

WHAT ARE SMART PLUGS?

Controlled by an app, a smart plug lets users turn on and off any appliance that plugs into a standard wall socket.  

They give users remote control over standard appliances that would normally be plugged into the mains.

Users need to plug their smart plug into any standard wall socket and plug their chosen appliance into it.

The chosen appliance doesn’t have to be a smart appliance.

With an accompanying app, the smart plug controls when the appliance plugged into it is turned on and off.

Source: Alarm.com 

<!—->Advertisement

Which? bought 10 smart plugs available from online retailers and marketplaces. 

Products ranged from well-known brands such as TP-Link and Hive to more obscure names such as Hictkon, Meross and Ajax Online.

Which? worked with security consultants NCC Group to test the 10 smart plugs for security and safety in August 2020. 

Experts found 13 vulnerabilities among nine of the plugs.

Three of these were rated as ‘high impact’ and another three as ‘critical’ – all of which could pose a major risk to people’s homes.

One device had a critical fault that could cause a fire or even an explosion ‘big enough to destroy the device plugged in to it’.

Which? said the Hictkon Smart Plug with Dual USB Ports, which was available on Amazon Marketplace, has been poorly designed.

Its major issue is that its live connection is far too close to an energy-monitoring chip. 

This could cause an arc – a luminous electrical discharge between two electrodes – which poses a fire risk, particularly to older homes with older wiring.

Which? experts suspect the Hictkon Smart Plug came with a fake CE safety marking and is ‘so dangerous that it should not be sold’. 

Amazon has since taken this smart plug off sale pending an investigation and the old webpage for the product now redirects to the Amazon homepage. 

Hive Active plug, available at a wide range of retailers including Amazon, John Lewis, Currys PC World, B&Q and Screwfix, has a smaller window of opportunity for cyber attackers than other plugs, Which? said

Hive Active plug, available at a wide range of retailers including Amazon, John Lewis, Currys PC World, B&Q and Screwfix, has a smaller window of opportunity for cyber attackers than other plugs, Which? said

Hive Active plug, available at a wide range of retailers including Amazon, John Lewis, Currys PC World, B&Q and Screwfix, has a smaller window of opportunity for cyber attackers than other plugs, Which? said

Which? said: ‘Anyone who has purchased one of these devices should unplug it and stop using it immediately.’ 

Meanwhile, other smart plugs were deemed a cybersecurity risk rather than posing an immediate physical threat.  

Several of the products tested had a critical vulnerability that could allow cybercriminals to steal the network password.

This could be used to hack not only the plugs and the hub, but also any other connected products, such as a thermostat, camera or potentially a laptop.

This issue allegedly emerges when users connect two plugs – the Innr SP 222 Zigbee 3.0 Smart Plug (available on Amazon and eBay) and Ajax Online plugs (available on Amazon) – to a Tuya hub, a commonly used hub for connecting devices using the Zigbee specification. 

As well as giving an attacker access to devices, this vulnerability could also divulge information like when people are out of their homes, which is ‘potentially a gift to criminals’, Which? said.  

Innr claimed this issue was more with the Zigbee implementation on the hub used in the testing. 

Ajax also said in a statement to MailOnline that this is not an issue caused by the plugs but the Tuya hubs. 

‘We have contacted Tuya directly and informed them of this issue,’ an Ajax spokesperson said. 

Several of the products tested had a critical vulnerability that could allow cybercriminals to steal the network password and use that to hack plugs and other connected products, such as a thermostat, camera or a laptop. Which? found this issue emerges when connecting two plugs - the Innr SP 222 Zigbee 3.0 Smart Plug (pictured) and Ajax Online plugs (below) - to a Tuya hub, a commonly used hub for connecting Zigbee devices

Several of the products tested had a critical vulnerability that could allow cybercriminals to steal the network password and use that to hack plugs and other connected products, such as a thermostat, camera or a laptop. Which? found this issue emerges when connecting two plugs - the Innr SP 222 Zigbee 3.0 Smart Plug (pictured) and Ajax Online plugs (below) - to a Tuya hub, a commonly used hub for connecting Zigbee devices

Several of the products tested had a critical vulnerability that could allow cybercriminals to steal the network password and use that to hack plugs and other connected products, such as a thermostat, camera or a laptop. Which? found this issue emerges when connecting two plugs – the Innr SP 222 Zigbee 3.0 Smart Plug (pictured) and Ajax Online plugs (below) – to a Tuya hub, a commonly used hub for connecting Zigbee devices

Ajax Online plug (pictured), which is available on Amazon. Ajax said there is an issue caused by the Tuya hubs and not with the plugs

Ajax Online plug (pictured), which is available on Amazon. Ajax said there is an issue caused by the Tuya hubs and not with the plugs

Ajax Online plug (pictured), which is available on Amazon. Ajax said there is an issue caused by the Tuya hubs and not with the plugs

Which? found the same issue with the popular Hive Active plug, available at Amazon, John Lewis, Currys PC World, B&Q and Screwfix.

The ‘window of opportunity for attack’ on Hive Active was smaller on this device, however.

‘We agree any potential vulnerability is serious and we will be reviewing their full findings to evaluate the seriousness of this claim,’ a Hive spokesperson said. 

‘However, from what we have seen to-date, and as verified by Which?, the risk to our customers brought about from this scenario is extremely low due to the small window of opportunity, the customer interaction required and the need to be in close proximity to the devices.’

Experts also uncovered a critical issue with users’ Wi-Fi passwords not being encrypted during the setup of smart plugs, meaning an attacker could steal them. 

Kasa Smart Plug by TP-Link (pictured). TP-Link has developed a fix for the vulnerability with the Kasa smart plug and this will roll out in October 2020. Which? will be verifying the fix when it becomes available

Kasa Smart Plug by TP-Link (pictured). TP-Link has developed a fix for the vulnerability with the Kasa smart plug and this will roll out in October 2020. Which? will be verifying the fix when it becomes available

Kasa Smart Plug by TP-Link (pictured). TP-Link has developed a fix for the vulnerability with the Kasa smart plug and this will roll out in October 2020. Which? will be verifying the fix when it becomes available

The Meross Smart Plug WiFi Socket, sold on Amazon and eBay, could allow a hacker to enjoy free internet at the user’s expense.

It could also let them monitor what sites a person is visiting and attempt to compromise other devices that they have connected to the smart home system.

In the case of the TP-Link Kasa smart plug, a flaw means an attacker could seize total control of the plug and of the power going to the connected device. 

TP-Link also shares the email address used to set up the plug unencrypted with potential hackers, which could be used in phishing scams.    

TP-Link has developed a fix for the vulnerability with the Kasa smart plug, which will roll out this month.  

Hive is also in the process of fixing issues with its products, Which? said.  

‘Which? is also in ongoing talks with Innr while Meross has said it will fix the issue but this could take six months or more.’ 

The Meross Smart Plug WiFi Socket, sold on Amazon and eBay, could 'allow a hacker to enjoy free internet at the user’s expense'

The Meross Smart Plug WiFi Socket, sold on Amazon and eBay, could 'allow a hacker to enjoy free internet at the user’s expense'

The Meross Smart Plug WiFi Socket, sold on Amazon and eBay, could ‘allow a hacker to enjoy free internet at the user’s expense’

In July, the UK government detailed its plans to bring security requirements for smart devices into law, including three basic security requirements that ‘may be expanded on over time’.  

Which? said none of the plugs it tested would currently meet these requirements under the law.  

In response to the Which? findings, Amazon said in a statement: ‘Safety is important to Amazon and we want customers to shop with confidence in our stores. 

‘We have proactive measures in place to prevent suspicious or non-compliant products from being listed and we monitor the products sold in our stores for product safety concerns. 

‘When appropriate, we remove a product from the store, reach out to sellers, manufacturers, and government agencies for additional information, or take other actions. 

‘If customers have concerns about an item they’ve purchased, we encourage them to contact our Customer Service team directly so we can investigate and take appropriate action.’

UK GOVERNMENT’S PROPOSED REQUIREMENTS REGARDING SMART DEVICES 

In July 2020, the UK government detailed its plans to bring security requirements for smart devices into law. 

 The requirements may be expanded on over time in consultation with stakeholders

The three requirements are: 

– Device passwords must be unique and not resettable to any universal factory setting

– Manufacturers must provide a public point of contact so anyone can report a vulnerability

– Information stating the minimum length of time for which the device will receive security updates must be provided to customers.  

Research suggests there are now 20 billion smart devices – known as the Internet of Things (IoT) – in use around the world. 

‘But with only around 13 per cent of manufacturers embedding even the most basic approaches to cyber security in their products, people’s privacy and security is at risk,’ the government said. 

Consumer group Which? said none of the smart plugs it tested in August 2020 would currently meet these requirements under the law. 

None of them say at the point of sale how long the product will be supported with security updates. 

Hardly any of the devices Which? tested had a point of contact where it could report the vulnerabilities and problems it found, while many also use default passwords.

‘Which? wants this legislation to be backed by strong and effective enforcement and for the chosen enforcement body to ultimately have the power to suspend, permanently ban the sale of or recall non-compliant products where necessary,’ the consumer group said.     

<!—->Advertisement

This post first appeared on dailymail.co.uk

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology

Blue Moon: Once-in-19-years event to occur on Halloween night

Published

on

By

blue moon once in 19 years event to occur on halloween night

Legend has it that ghosts and spirits are more active on Halloween, but these ghoulish entities are not the only things coming out on October 31 – a rare Blue Moon is set to rise on the same day. 

The full moon phase, which is the lunar orbs position in in orbit, begins on Saturday at 10:49am ET.

Earth’s natural satellite will not shine blue, but bares the name as it is the second full moon to appear this month – the first occurs October 1.

The cosmic display happens seven times every 19 years, which means the world will not see the next one on October 31 until 2039.

However, this is the first time a Blue Moon has appeared across the world on Halloween since World War II.

Scroll down for video 

Legend has it that ghosts and spirits are more active on Halloween, but these ghoulish entities are not the only things coming out on October 31 - a rare Blue Moon is also set to rise on the same day. Pictured is a Blue Moon snapped in 2018 hanging over San Francisco, California

Legend has it that ghosts and spirits are more active on Halloween, but these ghoulish entities are not the only things coming out on October 31 - a rare Blue Moon is also set to rise on the same day. Pictured is a Blue Moon snapped in 2018 hanging over San Francisco, California

Legend has it that ghosts and spirits are more active on Halloween, but these ghoulish entities are not the only things coming out on October 31 – a rare Blue Moon is also set to rise on the same day. Pictured is a Blue Moon snapped in 2018 hanging over San Francisco, California

It should make for a spectacular show on Halloween that has not happened since 1944.

People in North and South America will have a glimpse of the Blue Moon, along with those in India, Europe and Asia.

The idea of a Blue Moon as the second full moon in a month comes from an article in the March 1946 issue of Sky and Telescope magazine.

This issue published an an article called Once in a Blue Moon by James Hugh Pruett, who referred to the 1937 Maine Farmer’s Almanac, but with a simpler definition.

‘Seven times in 19 years there were – and still are – 13 full moons in a year,’ he wrote.

The full moon phase, which is the lunar orbs position in in orbit, begins on Saturday at 10:49am ET. Earth's natural satellite will not shine blue, but bares the name as it is the second full moon to appear this month – the first occurs October 1

The full moon phase, which is the lunar orbs position in in orbit, begins on Saturday at 10:49am ET. Earth's natural satellite will not shine blue, but bares the name as it is the second full moon to appear this month – the first occurs October 1

The full moon phase, which is the lunar orbs position in in orbit, begins on Saturday at 10:49am ET. Earth’s natural satellite will not shine blue, but bares the name as it is the second full moon to appear this month – the first occurs October 1

‘This gives 11 months with one full moon each and one with two.’

‘This second in a month, so I interpret it, was called Blue Moon.’

A moon can turn blue, but the signing is very rare.

NASA shares that this is also deemed the Hunter’s Moon, the full moon that follows the Harvest Moon that appeared on October 1. 

‘According to the Farmer’s Almanac, with the leaves falling and the deer fattened, this was the time to hunt. Since the harvesters had reaped the fields, hunters could easily see the animals that have come out to glean (and the foxes that have come out to prey on them),’ reads NASA’s statement.

People in North and South America will have a glimpse of the Blue Moon, along with those in India, Europe and Asia. The idea of a Blue Moon as the second full moon in a month comes from an article in the March 1946 issue of Sky and Telescope magazine. Pictured is the Blue Moon hanging over Russia

People in North and South America will have a glimpse of the Blue Moon, along with those in India, Europe and Asia. The idea of a Blue Moon as the second full moon in a month comes from an article in the March 1946 issue of Sky and Telescope magazine. Pictured is the Blue Moon hanging over Russia

People in North and South America will have a glimpse of the Blue Moon, along with those in India, Europe and Asia. The idea of a Blue Moon as the second full moon in a month comes from an article in the March 1946 issue of Sky and Telescope magazine. Pictured is the Blue Moon hanging over Russia 

‘The earliest use of the term ‘Hunter’s Moon’ cited in the Oxford English Dictionary is from 1710.’ 

On Halloween night, Jupiter will appear in the southwest and Mars will shine brightly in the east-southeast.

However, at 2am ET we ‘fall back’ one hour to 1am ET -but the good news is, you will have an extra hour of sleep. 

This post first appeared on dailymail.co.uk

Continue Reading

Technology

Blue Moon: Rare lunar spectacle WORLDWIDE for first time since WWII

Published

on

By

blue moon rare lunar spectacle worldwide for first time since wwii

Legend has it that ghosts and spirits are more active on Halloween, but these ghoulish entities are not the only things coming out on October 31 – a rare Blue Moon is set to rise on the same day. 

The full moon phase, which is the lunar orbs position in in orbit, begins on Saturday at 10:49am ET.

Earth’s natural satellite will not shine blue, but bares the name as it is the second full moon to appear this month – the first occurs October 1.

The cosmic display happens seven times every 19 years, which means the world will not see the next one on October 31 until 2039.

However, this is the first time a Blue Moon has appeared across the world on Halloween since World War II.

Scroll down for video 

Legend has it that ghosts and spirits are more active on Halloween, but these ghoulish entities are not the only things coming out on October 31 - a rare Blue Moon is also set to rise on the same day. Pictured is a Blue Moon snapped in 2018 hanging over San Francisco, California

Legend has it that ghosts and spirits are more active on Halloween, but these ghoulish entities are not the only things coming out on October 31 - a rare Blue Moon is also set to rise on the same day. Pictured is a Blue Moon snapped in 2018 hanging over San Francisco, California

Legend has it that ghosts and spirits are more active on Halloween, but these ghoulish entities are not the only things coming out on October 31 – a rare Blue Moon is also set to rise on the same day. Pictured is a Blue Moon snapped in 2018 hanging over San Francisco, California

It should make for a spectacular show on Halloween that has not happened since 1944.

People in North and South America will have a glimpse of the Blue Moon, along with those in India, Europe and Asia.

The idea of a Blue Moon as the second full moon in a month comes from an article in the March 1946 issue of Sky and Telescope magazine.

This issue published an an article called Once in a Blue Moon by James Hugh Pruett, who referred to the 1937 Maine Farmer’s Almanac, but with a simpler definition.

‘Seven times in 19 years there were – and still are – 13 full moons in a year,’ he wrote.

The full moon phase, which is the lunar orbs position in in orbit, begins on Saturday at 10:49am ET. Earth's natural satellite will not shine blue, but bares the name as it is the second full moon to appear this month – the first occurs October 1

The full moon phase, which is the lunar orbs position in in orbit, begins on Saturday at 10:49am ET. Earth's natural satellite will not shine blue, but bares the name as it is the second full moon to appear this month – the first occurs October 1

The full moon phase, which is the lunar orbs position in in orbit, begins on Saturday at 10:49am ET. Earth’s natural satellite will not shine blue, but bares the name as it is the second full moon to appear this month – the first occurs October 1

‘This gives 11 months with one full moon each and one with two.’

‘This second in a month, so I interpret it, was called Blue Moon.’

A moon can turn blue, but the signing is very rare.

NASA shares that this is also deemed the Hunter’s Moon, the full moon that follows the Harvest Moon that appeared on October 1. 

‘According to the Farmer’s Almanac, with the leaves falling and the deer fattened, this was the time to hunt. Since the harvesters had reaped the fields, hunters could easily see the animals that have come out to glean (and the foxes that have come out to prey on them),’ reads NASA’s statement.

People in North and South America will have a glimpse of the Blue Moon, along with those in India, Europe and Asia. The idea of a Blue Moon as the second full moon in a month comes from an article in the March 1946 issue of Sky and Telescope magazine. Pictured is the Blue Moon hanging over Russia

People in North and South America will have a glimpse of the Blue Moon, along with those in India, Europe and Asia. The idea of a Blue Moon as the second full moon in a month comes from an article in the March 1946 issue of Sky and Telescope magazine. Pictured is the Blue Moon hanging over Russia

People in North and South America will have a glimpse of the Blue Moon, along with those in India, Europe and Asia. The idea of a Blue Moon as the second full moon in a month comes from an article in the March 1946 issue of Sky and Telescope magazine. Pictured is the Blue Moon hanging over Russia 

‘The earliest use of the term ‘Hunter’s Moon’ cited in the Oxford English Dictionary is from 1710.’ 

On Halloween night, Jupiter will appear in the southwest and Mars will shine brightly in the east-southeast.

However, at 2am ET we ‘fall back’ one hour to 1am ET -but the good news is, you will have an extra hour of sleep. 

This post first appeared on dailymail.co.uk

Continue Reading

Technology

Blue Moon: Rare lunar phenomenon to be seen worldwide on Halloween

Published

on

By

blue moon rare lunar phenomenon to be seen worldwide on halloween

Legend has it that ghosts and spirits are more active on Halloween, but these ghoulish entities are not the only things coming out on October 31 – a rare Blue Moon is set to rise on the same day. 

The full moon phase, which is the lunar orbs position in in orbit, begins on Saturday at 10:49am ET.

Earth’s natural satellite will not shine blue, but bares the name as it is the second full moon to appear this month – the first occurs October 1.

The cosmic display happens seven times every 19 years, which means the world will not see the next one on October 31 until 2039.

However, this is the first time a Blue Moon has appeared across the world on Halloween since World War II.

Scroll down for video 

Legend has it that ghosts and spirits are more active on Halloween, but these ghoulish entities are not the only things coming out on October 31 - a rare Blue Moon is also set to rise on the same day. Pictured is a Blue Moon snapped in 2018 hanging over San Francisco, California

Legend has it that ghosts and spirits are more active on Halloween, but these ghoulish entities are not the only things coming out on October 31 - a rare Blue Moon is also set to rise on the same day. Pictured is a Blue Moon snapped in 2018 hanging over San Francisco, California

Legend has it that ghosts and spirits are more active on Halloween, but these ghoulish entities are not the only things coming out on October 31 – a rare Blue Moon is also set to rise on the same day. Pictured is a Blue Moon snapped in 2018 hanging over San Francisco, California

It should make for a spectacular show on Halloween that has not happened since 1944.

People in North and South America will have a glimpse of the Blue Moon, along with those in India, Europe and Asia.

The idea of a Blue Moon as the second full moon in a month comes from an article in the March 1946 issue of Sky and Telescope magazine.

This issue published an an article called Once in a Blue Moon by James Hugh Pruett, who referred to the 1937 Maine Farmer’s Almanac, but with a simpler definition.

‘Seven times in 19 years there were – and still are – 13 full moons in a year,’ he wrote.

The full moon phase, which is the lunar orbs position in in orbit, begins on Saturday at 10:49am ET. Earth's natural satellite will not shine blue, but bares the name as it is the second full moon to appear this month – the first occurs October 1

The full moon phase, which is the lunar orbs position in in orbit, begins on Saturday at 10:49am ET. Earth's natural satellite will not shine blue, but bares the name as it is the second full moon to appear this month – the first occurs October 1

The full moon phase, which is the lunar orbs position in in orbit, begins on Saturday at 10:49am ET. Earth’s natural satellite will not shine blue, but bares the name as it is the second full moon to appear this month – the first occurs October 1

‘This gives 11 months with one full moon each and one with two.’

‘This second in a month, so I interpret it, was called Blue Moon.’

A moon can turn blue, but the signing is very rare.

NASA shares that this is also deemed the Hunter’s Moon, the full moon that follows the Harvest Moon that appeared on October 1. 

‘According to the Farmer’s Almanac, with the leaves falling and the deer fattened, this was the time to hunt. Since the harvesters had reaped the fields, hunters could easily see the animals that have come out to glean (and the foxes that have come out to prey on them),’ reads NASA’s statement.

People in North and South America will have a glimpse of the Blue Moon, along with those in India, Europe and Asia. The idea of a Blue Moon as the second full moon in a month comes from an article in the March 1946 issue of Sky and Telescope magazine. Pictured is the Blue Moon hanging over Russia

People in North and South America will have a glimpse of the Blue Moon, along with those in India, Europe and Asia. The idea of a Blue Moon as the second full moon in a month comes from an article in the March 1946 issue of Sky and Telescope magazine. Pictured is the Blue Moon hanging over Russia

People in North and South America will have a glimpse of the Blue Moon, along with those in India, Europe and Asia. The idea of a Blue Moon as the second full moon in a month comes from an article in the March 1946 issue of Sky and Telescope magazine. Pictured is the Blue Moon hanging over Russia 

‘The earliest use of the term ‘Hunter’s Moon’ cited in the Oxford English Dictionary is from 1710.’ 

On Halloween night, Jupiter will appear in the southwest and Mars will shine brightly in the east-southeast.

However, at 2am ET we ‘fall back’ one hour to 1am ET -but the good news is, you will have an extra hour of sleep. 

This post first appeared on dailymail.co.uk

Continue Reading

Trending

Copyright © 2020 DiazHub.