The WiFi network in our home is only as secure as the least secure device on it. If we buy a Chinese WiFi plug for just 5 euros, it will be difficult to guarantee that it is kept up to date with patches against vulnerabilities. Using such devices can therefore expose us to all kinds of attacks, and a group of researchers has shown how dangerous they can be, even if we buy them from official manufacturers.
Specifically, the cybersecurity company A&O IT Group has analyzed two cheap smart plugs that can be easily purchased in online stores: the Sonoff S26 and the Ener-J WiFi. These smart plugs are found in stores such as Amazon, eBay or AliExpress, where they can be purchased for as little as 8 euros.
The manufacturer gives the PSK key
Although the plugs come from reputable brands, the researchers discovered that it is possible to obtain the password of the WiFi network to which they are connected, because the plugs communicate with the router using port 80. They also send unencrypted HTTP traffic and use easy-to-guess factory passwords.
In fact, not only are the default passwords easy to guess, they are also provided by the company itself. The encryption that the Sonoff S26 uses is WPA2-PSK. The researchers looked for the PSK and found the password in the guide for a Sonoff Basic, which uses the same eWeLink app to connect to the WiFi network: 12345678. This is despite the fact that a PSK passphrase can be up to 63 characters long.
With this password, any attacker who can pick up the WiFi signal emitted by the plug can connect to it, without even having to crack the password with a powerful graphics card. On top of that, the plugs send unencrypted information over port 80, including the SSID and the PSK of the WiFi network in plain text.
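As an added example (not code from the researchers or the vendors), the sketch below checks payloads captured on port 80 of your own network for your own SSID and PSK in readable form, which is the exposure described above. The sample flows, IP addresses, paths and field names are constructed for illustration and are not the plugs' actual message format.

```python
import json
from urllib.parse import unquote_plus

def find_cleartext_credentials(payload: bytes, ssid: str, psk: str) -> list:
    """Return which of our own secrets are readable in one captured payload."""
    text = payload.decode("utf-8", errors="replace")
    views = {text, unquote_plus(text)}      # raw and URL-decoded forms
    # A JSON body may hide characters behind \uXXXX escapes, so decode it too.
    _, _, body = text.partition("\r\n\r\n")
    try:
        views.add(json.dumps(json.loads(body), ensure_ascii=False))
    except ValueError:
        pass                                # body is empty or not JSON
    return [label for label, secret in (("ssid", ssid), ("psk", psk))
            if secret and any(secret in view for view in views)]

def audit_flows(flows, ssid: str, psk: str) -> list:
    """flows: (source_ip, dest_port, payload) tuples; only port 80 is checked."""
    report = []
    for src, dport, payload in flows:
        if dport != 80:
            continue
        leaked = find_cleartext_credentials(payload, ssid, psk)
        if leaked:
            report.append((src, leaked))
    return report

# Constructed values: replace with your own SSID/PSK and payloads from a capture.
SSID, PSK = "HomeNet", "correct horse battery!"
SAMPLE_FLOWS = [
    ("192.168.4.2", 80, b'POST /ap HTTP/1.1\r\nHost: 192.168.4.1\r\n\r\n'
                        b'{"ssid":"HomeNet","password":"correct horse battery\\u0021"}'),
    ("192.168.4.2", 80, b"GET /cfg?ssid=HomeNet&key=correct+horse+battery%21 HTTP/1.1\r\n\r\n"),
    ("192.168.4.3", 80, b"GET /status HTTP/1.1\r\n\r\n"),
    ("192.168.4.2", 443, b"\x16\x03\x01\x02\x00"),   # TLS record, skipped
]

if __name__ == "__main__":
    for src, leaked in audit_flows(SAMPLE_FLOWS, SSID, PSK):
        print(f"{src} sent {', '.join(leaked)} in cleartext over port 80")
```

A device that appears in the report has exposed the network key to anyone able to observe that traffic, so the key should be rotated after the device is removed or isolated.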
The plug can allow them to control your whole house
By obtaining the key of the WiFi network, attackers can connect to the target’s network to carry out all kinds of malicious activity by introducing malware and exploiting vulnerabilities, such as obtaining files, capturing the webcam, controlling other household devices, or adding devices to a botnet.
The attack can become really dangerous if the user has, for example, a smart door to enter the house: the attacker can open it and also find out whether there are people at home by checking the security cameras, making a very clean robbery possible.
The group of researchers has notified Sonoff and Ener-J of the vulnerabilities in their smart plugs, but the companies have not yet responded. As a workaround, it is best to disconnect the devices. If you want to continue using them, the best option is to create a guest WiFi network used exclusively for IoT devices. That way, they will be isolated from the main connection, and the number of devices that a potential attacker can access is reduced to a minimum.