IoT Flaws Reveal Need to Work with Researchers

Two new vulnerabilities within IoT devices could have given cyber-criminals direct access to the personal data and home networks of consumers, according to McAfee Labs. At the Mobile World Congress (MWC) in Barcelona, Spain, McAfee’s advanced threat research team revealed new vulnerabilities in both BoxLock and Mr. Coffee coffee makers, demonstrating the need for consumers to be aware of the cyber risks inherent in the connected devices they bring into their lives. BoxLock, a smart padlock designed to protect deliveries, reportedly had a vulnerability that enabled hackers to remotely unlock the device. Researchers revealed that they were able to open BoxLock using the built-in barcode scanner using Bluetooth Low Energy (BLE), a wireless technology used in many IoT and smart devices. “I was amazed; the phone that I used to send the GATT command over had never connected to the BoxLock before and did not have the BoxLock application installed, yet it was able to unlock the BoxLock,” wrote Sam Quinn, security researcher, McAfee.