McAfee’s Advanced Threat Research (ATR) team has uncovered two security issues in Chamberlain MyQ Hub, a garage door automation platform, and McLear Smart Ring.
McAfee ATR discovered an inherent flaw in the way the MyQ Hub communicates over radio frequency signals, which could allow an attacker to manipulate the state of a connected garage door; and the McLear Smart Ring can be used to interact with NFC enabled door locks; once paired with a lock, a user can gain entry simply by placing the ring within NFC range of the device.
In the era of IoT, the balance between security and convenience is an important factor to get right. While the evidence of IoT security improvements is encouraging, the simplicity and level of convenience necessary for products to garner consumer adoption can impede this necessary security evolution. Details of the security flaws below:
Chamberlain MyQ Hub, a garage door platform
Attackers could “jam” radio frequency signals while the garage was being remotely closed, which delivers an error messaging to the user, prompting them to attempt to close the door again via the app, which in reality, causes the garage door to open.
McLear Smart Ring
McAfee ATR discovered an insecure design in the McLear Smart Ring that could allow an attacker to easily clone the ring and gain entry to a consumer home.
McAfee ATR urges consumers to be vigilant by educating themselves on the potential security implications of the devices they have in their homes and prompts manufacturers to clearly state the level of security their products provide as well as embrace vulnerability disclosure.