Smart vacuum cleaners allow hackers to know your house’s location and see you through the camera

Despite repeated demonstrations of how weak the security of smart devices is, manufacturers still fail to implement appropriate protection mechanisms, exposing millions of users. The most recent example is the Trifo Ironpie smart vacuum cleaner, analyzed by vulnerability testing specialists.

According to the manufacturer, this robot vacuum cleaner was designed to perform a double task: its fans, placed on a rotating disc, vacuum the user's home, while the camera (mounted on the surface of the device) works as a safety measure to prevent the robot from colliding with its surroundings.

While it seems like a really useful device, vulnerability testing specialists at security firm Checkmarx reported finding multiple security flaws in this Internet-connected device that could be really harmful to the user.

According to the researchers, these vulnerabilities vary in severity. Among the reported flaws, they highlight a bug that allows threat actors to access live streams from the cameras of these devices simply by accessing the Trifo servers. Another of the vulnerabilities found allows hackers to send fake software updates via the vacuum cleaner's app.

Hackers can even connect to the victim's WiFi network, which would let them take control of the device's operation and intercept its data, which is transmitted without encryption. As if that weren't enough, threat actors could access the maps the Ironpie records of the house, from which they could determine its location, number of rooms, possible entrances and so on.

Vulnerability testing specialists say the company was notified in December 2019. However, the flaws remain uncorrected, so it is still not possible to disclose technical details about their exploitation.

"This is a widespread problem in the Internet of Things (IoT) device industry," the International Institute of Cyber Security (IICS) says. In addition, the problem grows as people increasingly use these kinds of devices for their routine tasks, so manufacturers must devise a reliable model for protecting these devices, as they are becoming an important attack vector.

