An investigation by Consumers’ Association has found over a thousand cheap smart gadgets replete with security and privacy issues on popular online marketplaces, in the run up to Black Friday.
Following the discovery, UK’s Which? is urging consumers to be cautious and keep an eye out for security-risk products when shopping for connected tech products.
According to the investigation, Which? found over 1,800 smart gadgets including smart doorbells, wireless cameras, smart alarms and tablets, which shipped with apps that were found to have inadequate security protections, and could leave users exposed to hackers or infringement of their data privacy.
The products were found on popular online stores including AliExpress (1,461), eBay (288) and Amazon Marketplace (90).
Caveat emptor
In its investigation Which? discovered 112 Android tablets on AliExpress and eBay, many of them marketed for children, that were powered by unsupported versions of the mobile operating system. In fact, some of them had not received a security update for more than seven years.
Which? also found that just four apps, namely Aiwit, CamHi, CloudEdge and Smart Life, powered 1,727 different products. Working with cybersecurity experts from 6point6 and the NCC Group, Which? found security issues in all the apps.
Password security was one of the issues with the apps using weak defaults that could potentially allow hackers to view live footage on a smart doorbell or a wireless camera, Which? argued.
“While there are no laws currently mandating a certain level of security and privacy protection in smart products, some of the flaws Which? found would be made illegal under new legislation currently being planned by the UK government. Its Product Security and Telecommunications Infrastructure Bill is expected to be introduced to parliament in the coming months,” Which? notes.
Stay safe online with the best ID theft protection tools
