Researchers have shown that it is easily possible to trick Vizio’s smart TVs into accepting a man-in-the-middle attack on the data stream exchanged with a service run by Cognitive Networks, and to use it to feed maliciously placed ads onto the screens of unsuspecting home cinema owners.
This article, published by net-security.org, highlights the striking simplicity of the attack. It also highlights the risk to which everyone running any “smart” device is exposed.
The researchers have brought to light not only malicious intentions but also commercial ones. A wealth of usage information is sent to a service in encrypted form, so even an owner who tries advanced methods to find out what is being communicated about him to services he has not been informed about (the pilfering is turned on by default in these TVs) would not be able to understand it easily.
“The bad news is that, while IoT devices proliferate, most manufacturers are still not serious about security. Vulnerabilities such as these should have been found and fixed by their team in the first place, and not found later by researchers.”
Indeed. In this particular case, the developers have actually gone quite far in hiding their activities from the user.
For a serious vendor, a fair way of making sure security is taken into account is to introduce the most sensible principle into development: building in security from the start, not bolting it on afterwards.
At Shinetech, the white-label IoT developer we have been working with since 2012, this awareness is introduced into the embedded/IoT development center of excellence, which is built on agile principles. We would assume Shinetech to be one of the early adopters of the secure agile development cycle.