The security firm Tripwire reported that its Vulnerability and Exposure Research Team detected several zero-day vulnerabilities in three of the top-selling smart home hubs available on Amazon that could leave users open to a wide range of dangers.
The potential breaches could allow an outsider to change alarm settings, open a home's locks, access the home's computer network or use the smart hub as a launching point for a DDoS attack. The actual hub exploit can take place through malicious web pages or smartphone applications.
“The threat is relatively low for now, but it will increase as malicious actors recognize how much information can be gained by attacking these devices,” said Craig Young, Tripwire's security researcher.
The companies involved were not named, but Tripwire said that two of the three have patched the holes, but the third vendor's product is still at risk.