IoT Cloud Tools Create Massive Vulnerability

Of the 50 devices that Symantec tested, 68 percent had related cloud services that allowed access via username and password. The cloud consoles offered various levels of monitoring and control ranging from controlling heating systems to tracking CO2 levels.

Symantec warns:

“Unfortunately nearly all of the tested IoT cloud services allow the user to choose weak passwords, such as “1234”. Even worse, many services prevent the user from using strong passwords with a sufficient level of complexity, due to unreasonable restrictions. One service, for example, restricted the user to a PIN code with a maximum length of four numbers. This makes it easy for any attacker that knows the user’s email address to brute-force their PIN code and take over their account.”