The new version of Insteon Hub doesn't encrypt the traffic, and the password used for authentication can be easily decoded by an attacker who can intercept the traffic, Bryan said.
Furthermore, the password is based on a part of the device's MAC address. Getting a device's MAC address from the Internet is not possible, but it's easy to do from the local network, he said.
This means that if an attacker can break into a home's Wi-Fi network or into a local network computer, he can potentially gain access to an Insteon Hub device located on the same network.
Other devices that were found to have security issues included the Belkin WeMo Switch for power outlets, the Lixil Satis smart toilet, the Linksys Media Adapter, which is no longer being sold, and a radio thermostat.
Home automation systems are often connected to security devices, so they are part of the overall security of a home, Bryan said. Because of this, they should have security controls built into them, he said.
Companies that manufacture these systems are trying to get their products to market as fast as possible, and they often overlook security testing because it impedes that process, Bryan said. "I really hope that going forward, people will start to learn from these security issues, because it's very frustrating to me as a consumer to see products come out that aren't secure and I can easily break into, and then discover a large number of the same products on the Internet that have the same flaws."