Today at CES, McAfee announced findings around two smart home devices: the McLear Smart Ring (aka NFC Ring) and Chamberlain’s MyQ Hub, a “universal” garage door automation platform, revealing an insecure design and a security vulnerability respectively.
McAfee’s Advanced Threat Research team regularly performs security analysis of products and technologies across nearly every industry vertical. In its analysis of the consumer space, the Advanced Threat Research team discovered an insecure design in the McLear Smart Ring, which is designed to be paired with an NFC enabled door lock so the user can access their house by simply placing the Smart Ring within NFC range of the door lock. Due to the product’s discovered insecure design, the ATR team determined that an attacker could easily clone the Smart Ring and gain entry to a home equipped with NFC-enabled door locks.
Similarly, a security vulnerability was found in Chamberlain’s MyQ Hub which is designed to bring more convenience and control to consumers via an IoT garage door opener. While McAfee ATR found that Chamberlain did a fairly good job of securing this device, it was discovered that there is a flaw in the way the MyQ Hub communicates with the remote sensor over radio frequencies.
ATR determined that it is possible for an attacker to “jam” the radio frequency signals while the garage was being remotely closed, which delivers an error messaging to the user, prompting them to attempt to close the door again via the app, which in reality, causes the garage door to open.
5 Security Tips for Consumers
· Practice proper cyber hygiene. Consumers need to take control of their digital and protect what matters most to them. Make sure that you update your passwords frequently and use an online password management tool.
· Do your research. Consumers should ensure they are aware of the security risks associated with products available on the market.
· Don’t share your account logins to give others access. Be stringent when it comes to sharing logins. While it can be tempting to share passwords to streaming services and social media, your personal login should remain personal.
· Use the “two-factor” option on your connected device. Implementing two-factor authentication can help halt a cybercriminal in their tracks. That’s because two-factor authentication adds an extra layer of protection to a device, since it requires access to a mobile phone in addition to a user’s login information.
· Keep your IoT devices up to date. Vulnerabilities in software do happen and having the latest firmware version will help reduce the risk of being compromised.