Smart home hardware and software has exploded in popularity recently, so much so that there are countless third-party brands popping up all over the place. When we say ‘third-party’, we mean a brand that is often lesser-known than the big players like Amazon’s Alex and Echo, and Google’s range of smart home products.
However, the problem with these smaller brands is that they rarely have the same level of security around them. As they’re lesser-known, people tend to hold them to lower standards than they might with Amazon or Google for example. As the below story highlights, you need to be wary of which smart home products you use and what they’re doing with your data.
Smart home software exposes data online
Orvibo is a Chinese company that manufactures at least 100 smart home devices. And much like any provider of such products, they use vast databases to store user data like passwords and email addresses. Usually, you’d find complex security measures surrounding such large sources of raw customer data.
However, it has been said that this company is storing much of their customers’ data within an exposed database that can be accessed by the public. This is suposedly the result of a misconfigured server that doesn’t require password authentication to access.
The flaw was discovered by security researchers at vpnMentor, who found that the exposed database stores customer usernames, passwords, email addresses, and even some location data. Though it was discovered in the middle of June 2019, it’s being reported that the problem still exists.
“The amount of data available from Orvibo’s servers is enorous. It’s also highly specific, which shows just how much data smart home devices can collect about their users.”vpnMentor 2019
Again, compare this with a major player like Google, who have recently had some security vulnerabilities found; the latter company usually fixes the flaws within the day or thereabouts. This further highlights the risks associated with lesser-known software brands.
VpnMentor have supposedly tried to notify the company on more than one occasion, but no response has been received at the time of writing. You can read VpnMentor’s full report here.
Choosing smart home products
Much like the explosion of smartphone popularity back in the noughties and 2010s, smart homes seem to be the ‘next big thing’. It started with basic products like lighting that you control with your voice, and it’s evolved into vacuum cleaners, fridges, and plug sockets that can turn any product into a smart product.
But there are still huge questions around smart home security that we have yet to answer. Time has taught us over and over again that new products are often adopted en-masse before the risks are truly known.
We’re not saying that all off-brand smart home products are poorly designed or supported by unsecured architecture. But you do need to be careful about choosing which products you incorporate into your smart home. If in doubt, stick with the bigger names until the tech becomes overall more established and the security risks become clearer.
If you have any questions around security on these or any other personal smartphones, laptops, and desktop computers, then get in touch with WiseGuys on 0808 123 2820. We’re a Which? Trusted Trader who offer maintenance plans that cover you and your personal devices, not just a single handset or computer.