Start-up type companies are focused on functionality before anything else, and usually do not invest a lot in securing their products

Rapid 7 has discovered  IoT vulnerabilities within the home with two new disclosures in two different smart home systems designed to connect various home products and manage automation: Insteon Hub  and Wink Hub 2.

Commenting on this, Ofer Maor, director of enterprise solutions at Synopsys, said: "These recent vulnerabilities, alongside many others discovered for different IoT products, are a good indication of the problem we’re facing with the increased adoption of smart home devices. Unlike traditional enterprise solutions coming from a relatively small list of large companies investing substantial resources in security, there is now an influx of smart home device manufacturers, with many of them coming out of the garage door they wish to control.

"As is common with smaller, start-up type companies, these companies are focused on functionality before anything else, and usually do not invest a lot in securing their products. The vulnerabilities identified by Rapid 7 are a fine example of this – for the most part they are not a “bug” or “developer mistake” but rather a lack of security architecture and design in the product.

"This threat becomes even worse as we look at the potential clients. Today, even start-up companies selling to large enterprises are expected to hold reasonable security practices, with most enterprise customers performing security tests before procuring new solutions. But when selling to the consumers, there is rarely anyone to check or validate the security and safety of such solutions. Therefore we can expect a continued (and increased) flow of vulnerabilities followed by exploits of smart home devices in the coming years."