Researchers have discovered a smart plug security flaw that might grant an attacker access to the full home network. IoT devices with network capabilities are on the rise. Everyday consumer devices now include connected washing machines, fridges and even smart plugs, which monitor energy consumption and power and control security cameras, coffee makers and other devices.
An electrical outlet currently on the market is susceptible to a malicious firmware update, which might allow attackers to gain entry to your home network and remotely control connected items.
Here is how it works. Device setup is fairly easy: after plugging it in, users need to download the Android or iOS app. The device requests the user's credentials for the home network and is then registered with the vendor's server over UDP. This UDP message contains the device name, MAC address, and model, to which the server replies with local IP id, firmware version, and port. This part is not the problem.
The actual problem is that the communication occurs in cleartext, without any encryption. The device-to-application communication passing through the vendor's server is not encrypted but only encoded. Never mind attackers: the researchers themselves can perform an attack on the network connected to this device. The vendor, though, is working to fix this flaw prior to the release of the device.
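The difference between "encoded" and "encrypted" can be checked on captured traffic during a device audit. The following is an added example, not code from the researchers or the vendor: it tries keyless decodings on a payload and reports whether readable fields fall out. The page does not name the encoding the device uses, so Base64, the JSON layout and all sample values are assumptions constructed for illustration.

```python
import base64
import binascii
import json

# Constructed sample: the registration fields the article lists, Base64-encoded.
# The encoding, JSON layout and values are assumptions, not the device's format.
SAMPLE_FIELDS = {"name": "plug-01", "mac": "00:11:22:33:44:55", "model": "EXAMPLE-1"}
ENCODED_SAMPLE = base64.b64encode(json.dumps(SAMPLE_FIELDS).encode())
# Constructed stand-in for encrypted bytes: 64 distinct, mostly non-printable values.
CIPHERTEXT_SAMPLE = bytes((i * 197 + 83) % 256 for i in range(64))

# Reversible transformations that need no key; anyone on the path can undo them.
DECODERS = {
    "base64": lambda p: base64.b64decode(p, validate=True),
    "hex": binascii.unhexlify,
}


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or common whitespace."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)


def classify(payload: bytes):
    """Return (verdict, recovered_text_or_None) for one captured payload."""
    for name, decode in DECODERS.items():
        try:
            plain = decode(payload)
        except (binascii.Error, ValueError):
            continue  # not valid input for this decoder
        if printable_ratio(plain) >= 0.9:
            return f"encoded:{name}", plain.decode("ascii", "replace")
    if printable_ratio(payload) >= 0.9:
        return "cleartext", payload.decode("ascii", "replace")
    return "opaque", None


if __name__ == "__main__":
    for label, data in [("encoded", ENCODED_SAMPLE), ("ciphertext", CIPHERTEXT_SAMPLE)]:
        print(label, classify(data))
```

An `opaque` verdict does not prove the payload is encrypted, only that no keyless decoding recovered readable fields; an `encoded` or `cleartext` verdict is enough to fail the audit.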