Skip to content
Menu
Apfelphone
  • Smartphones
  • Gadgets
  • Headphones
  • Electronics
  • Tech Update
Apfelphone

How smartphones became IoT’s best friend and worst enemy

Posted on December 8, 2020

These days, you’d be hard-pressed to find connected devices that do not come with companion smartphone applications. In fact, it’s very common for contemporary devices to offload most (if not all) of its display to the user handset.

smartphones IoT

Smartphones and the rise of IoT

Relying on the ubiquity of smartphones and the rise of remote controls, users and vendors alike have embraced the move away from physical device interfaces. This evolution in the IoT ecosystem, however, brings major benefits AND serious drawbacks.

While users enjoy the remote capabilities of companion apps and vendors bypass the need for hardware interfaces, studies show that they present serious cybersecurity risks. For example, the communication between an IoT device and its app is often not properly encrypted nor authenticated – and these issues enable the construction of exploits to achieve remote control of victim’s devices.

How the industry got here

It is important to explain that connected devices have not always been this way. I’m sure others like myself do not need to cast their minds far back to remember a time when smartphones did not even exist. User input during these halcyon days relied on physical interfaces on the device itself, interfaces that typically consisted of basic touch screens or two-line LCD displays.

Though functional, these physical interfaces were certainly limited (and limiting) when compared to the applications that superseded them. Devices without physical interfaces are smaller, consume less power, and look better. Developers, meanwhile, enjoy the relative ease of creating an app – with the additional support of software development kits – instead of manually programming physical interfaces. Perhaps most importantly, it’s many times cheaper for vendors to create devices with companion apps than to create devices with physical interfaces.

All that is without even starting on the benefits of remote connectivity! Smartphone apps enable users anywhere in the world to set the temperature of their air conditioning and record from their home security webcam with the click of a screen. These apps are simply much more expressive and intuitive than physical interfaces, enabling users to customize what they like from wherever they are. On the other hand, however, it is this element of remote connectivity which presents the compromise between usability and security.

The dangers of device companion apps

Unfortunately, the majority of companion apps have the potential to open devices to bad actors. Researchers last year found that about half are potentially exploitable through protocol analysis since they use local communication or local broadcast communication, thus providing an attack path to exploit lack of crypto or use of hardcoded encryption keys. Further, this study into companion apps from some of Amazon’s most popular devices found a lack of encryption in one-third of cases and the use of hardcoded keys in one-fifth of cases.

These findings were confirmed in another study where researchers tested more than 2000 device companion apps for security faults. The researchers found more than 30 devices from 10 vendors relied on the same cloud service to manage their devices, with the cloud service reporting security weakness that previously allowed attackers to take full control by device ID and password enumeration.

To make matters worse, there is little incentive for vendors to release fixes when vulnerabilities are uncovered. Most vendors in this space are small and medium-sized businesses that lack the budget for software quality control and security best practices. This issue is only exacerbated by the relative inexpensiveness of the devices they sell, meaning that vendors simply do not have the resources necessary to implement security best practices like monitoring agents or authentication hardware.

What users must do

The good news is that secure communication between a device and an app is possible. For example, EZVIZ smart home security applications support local communication between the companion app and the device over the local network. The shared encryption key is enclosed in the device box in the form of a QR code and must be scanned by the companion app. This strategy is better than hardcoded keys, provided that the key in the QR code is of sufficient length and randomness.

Another security workaround is possible to ensure that commands between the client and the device cannot be intercepted by a third-party. Peer-to-peer is a private connection type used by German smart heating and cooling provider SOREL to ensure its smartphone app communicates without interference. Moreover, the connection offers the company minimized risk since end users only manage their data on their device.

The bad news is that users today remain at the mercy of the vendors. There is currently no legislation that requires device makers to ensure that their devices or companion apps implement certain cybersecurity protocols. As we have seen time and again, vendor indifference to cybersecurity consistently results in subpar security protocols.

Therefore, the onus is on users to take extra cybersecurity steps in this context of vendor ambivalence. Until legislators catch up or manufacturers begin to implement stricter security protocols for their devices and apps, users will need to take matters into their own hands to make certain that the devices they bring into the workplace or the home are safe from outside forces. While the benefits of companion apps are clear, it is only the user who can prevent the worst dangers of these digital interfaces from becoming reality.

Recent Posts

  • Syarat Vaksin Covid 19 dan Fitur di SehatQ.com untuk Menunjang Kesehatan
  • iphone 12 clear screen with attractive bangs
  • Vivo: Smartphones, AR/VR Glasses, and Robots will be inevitable in building a 6G network
  • Studio Headphones For Professionals That Offer Exceptionally Detailed Sound | Most Searched Products
  • Motorists’ smartphones may help highways bosses keep roads safe

Archives

  • April 2021
  • January 2021
  • December 2020
  • November 2020

Categories

  • Electronics
  • Gadgets
  • General
  • Headphones
  • Smartphones
  • Tech Update

Jasa Menaikkan DA

About Us

  • Advertise Here
  • Privacy Policy
  • Contact Us
  • Sitemap

Partner links

  • Partner links

  • ©2021 Apfelphone | WordPress Theme by Superbthemes.com
    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
    Cookie settingsACCEPT
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
    Necessary
    Always Enabled

    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

    Non-necessary

    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

    SAVE & ACCEPT