Yesterday, we looked at how tariffs might well make connected accessories more expensive and leave existing devices less secure as the companies that made them exit the market.
Today, we discover why these accessories need to be protected and find out they can already be attacked. If nothing else, it should encourage any consumer or enterprise user relying on connected accessories to take the time to verify that all of them are truly secure.
Those that are not should be removed from use – and from your network.
All the forgotten endpoints
Wired tells us that Oligo security researchers have discovered flaws in Apple’s AirPlay system that could allow hackers to gain access to your Wi-Fi network to infect AirPlay-enabled smart home accessories.
That’s a danger, given how infrequently smart accessory manufacturers actually publish security updates for those devices — and it will likely get worse in the future as accessory developers exit the market when tariffs make business unprofitable.
Given that some connected device users have spent a great deal of money on their systems, it’s unrealistic to expect they will swiftly give up their accessories. That means those potentially very vulnerable endpoints will remain in use for some time to come.
The problem Oligo found
The problem Oligo identified consists of bugs in Apple’s AirPlay SDK that hackers can exploit to gain access to smart gadgets, including speakers, receivers, set-top boxes, televisions and other network devices that connect using AirPlay. That could mean, for example, using your device’s microphone to listen in on your conversations.
The good thing is that this isn’t a remote attack; attackers need to gain access to your Wi-Fi network first, which is more of a problem when it comes to shared public Wi-Fi networks than at home.
The researchers shared their findings with Apple, which has patched the vulnerability on its own devices and issued an updated developer SDK. But third-party firms haven’t yet said anything about their plans to adopt the code. “Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched,” said Oligo’s CTO, Gal Elbaz.
Sweet home accessory, never been patched
It’s a fact that some third-party accessories might never be patched, which should make anyone with connected home or workplace smart accessories pay attention. That cavalier attitude is a problem waiting to happen, turning a seemingly benign little smart plug into a potential Trojan Horse hackers and other attackers can use to subvert the security of your home or business.
While this particular exploit might have been identified and mitigated, there will be others, and in the absence of timely security updates for connected devices, let’s just say that one day more connected endpoints will be exploited.
Some might already have been compromised.
What can you do to protect yourself?
Assuming you make sure to install software updates as they appear, the next step is to monitor the devices you use. That means making a list of them, determining when they were made, and figuring out whether the accessory manufacturer still supports them. If it does, it also means ensuring your device is running the latest available software updates.
What about devices that are no longer supported? It’s a judgment call, but if security is a priority, it makes sense to cease use of orphaned devices — security in the home or in the workplace is only ever as good as the weakest link. Devices that are not being kept up to date pose a risk to other devices on your network and the data they contain.
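The inventory steps above, sketched as an added example that is not from the original article: it lists the AirPlay endpoints advertised on your own network, joins them to a hand-kept support list, and flags anything that is missing from that list. It assumes parsable output from the Linux `avahi-browse` tool; the sample lines, device names, `INVENTORY` table and function names are all constructed for illustration.

```python
import re
import shlex

# Constructed sample of `avahi-browse -rpt _airplay._tcp` output (not captured data).
SAMPLE_BROWSE = r'''
=;wlan0;IPv4;Kitchen\032Speaker;_airplay._tcp;local;k.local;192.0.2.20;7000;"deviceid=02:00:00:00:00:01" "model=ExampleSpeaker1,1"
=;wlan0;IPv6;Kitchen\032Speaker;_airplay._tcp;local;k.local;2001:db8::20;7000;"deviceid=02:00:00:00:00:01" "model=ExampleSpeaker1,1"
=;wlan0;IPv4;Lounge\032TV;_airplay._tcp;local;tv.local;192.0.2.21;7000;"deviceid=02:00:00:00:00:02" "model=ExampleTV2,1"
=;wlan0;IPv4;Old\032Receiver;_airplay._tcp;local;avr.local;192.0.2.22;7000;"deviceid=02:00:00:00:00:03" "model=ExampleAVR3,1"
=;wlan0;IPv4;Mystery\032Box;_airplay._tcp;local;box.local;192.0.2.23;7000;"deviceid=02:00:00:00:00:04" "model=ExampleBox4,1"
'''

# Hypothetical hand-maintained list: vendor support status and firmware versions.
INVENTORY = {
    "02:00:00:00:00:01": {"supported": True, "installed": "4.2.1", "latest": "4.2.1"},
    "02:00:00:00:00:02": {"supported": True, "installed": "9.9", "latest": "9.10"},
    "02:00:00:00:00:03": {"supported": False, "installed": "2.3", "latest": "2.3"},
}

def parse_browse(text):  # -> {deviceid: {"name", "address", "model"}}
    devices = {}
    for line in text.splitlines():
        fields = line.split(";", 9)  # TXT data is the last field and may contain ';'
        if not line.startswith("=") or len(fields) < 10:
            continue  # only resolved ("=") records carry address and TXT data
        txt = dict(kv.split("=", 1) for kv in shlex.split(fields[9]) if "=" in kv)
        name = re.sub(r"\\(\d{3})", lambda m: chr(int(m.group(1))), fields[3])
        dev_id = txt.get("deviceid", fields[7])  # fall back to the address
        devices.setdefault(dev_id, {"name": name, "address": fields[7], "model": txt.get("model", "?")})
    return devices

def version(v):  # "9.10" -> (9, 10), so 9.9 sorts before 9.10
    return tuple(int(part) for part in v.split("."))

def decide(rec):
    """Map one inventory record (or None) to an action."""
    if rec is None:
        return "investigate"  # on the network but missing from your list
    if not rec["supported"]:
        return "remove"       # orphaned by its maker
    if version(rec["installed"]) < version(rec["latest"]):
        return "update"
    return "keep"

def triage(devices, inventory):
    return {d["name"]: decide(inventory.get(i)) for i, d in devices.items()}

if __name__ == "__main__":
    print(triage(parse_browse(SAMPLE_BROWSE), INVENTORY))
```

The IPv4 and IPv6 records for the same `deviceid` collapse into one entry, so a dual-stack device is counted once.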
When it comes to installing new smart devices, I’m sure I’m preaching to the choir in saying there is a need to verify that any you do choose ship with solid software support. If they don’t have that, install a solution that does.
Finally, given that accessory makers will be seeking to build subscription businesses, it might make sense for them to combine together to create an app that verifies and updates deployed smart devices to flag any potential weaknesses and ensure the best possible security.