SAN FRANCISCO – Hackable Internet of Things (IoT) devices are on full display this week at the RSA Conference 2020. They include everything from baby monitors to Wi-Fi chips. One such device is a connected vacuum cleaner, the Trifo Ironpie M6. According to researchers with Checkmarx, the vacuum has several high-severity flaws that open the device to remote attacks. Those include a denial of service (DoS) attack that bricks the vacuum, to a hack that allows adversaries to peer into private homes via the vacuum’s embedded camera.
Speaking to Threatpost at RSAC was Erez Yalon with Checkmarx who warns that consumers should re-think buying smart home devices with potentially invasive cameras. He cautions, the IoT marketplace continues to have worrying security issues.
“The awareness from the user side is particularly important,” he said. “The general story here is about consumers deciding to add another camera in the house. Obviously we want more convenience. The price we pay is privacy, maybe we need to stop and think again.”
[For Threatpost’s complete RSA Conference 2020 reporting, please visit our special coverage section, available here.]
