Skip to Content
© Ian Allenden |
Security & privacy

Warning: Hackers can crack these cheap smart plugs and worm into your network

Connected devices and smart gadgets can turn an ordinary home into technological heaven. Switching on all the lights in the house has never been so easy. Remotely turning up the cool breeze from a connected fan is bliss. Tap or click here for 11 smart home gadgets you’ll actually use.

Several companies like Google, Samsung and TP-Link manufacture a wide range of smart plugs, light bulbs and sockets. As with most name-brand products, these tend to be of higher quality than the unknowns.

Technology used inside smart gadgets isn’t that complex either, which has spurred an industry for cheaper plugs and lights. But cheaper doesn’t mean that it’s made to the same standard — especially when it needs to connect to your home’s Wi-Fi network. In fact, some are downright dangerous.

Here’s the backstory

Security firm A & O IT Group analyzed several smart plugs and discovered that some could harbor unseen threats to your home network. Most people won’t think for a second that hackers can access their network through a connected plug behind the couch.

But that is exactly what the company unveiled. Before running several tests to determine how secure a smart plug really is, A & O immediately found a flaw. The default passwords for the devices they tested, the Sonoff S26 and the Ener-J WiFi, were extremely weak.

And that was just the start. They also discovered that:

  • Malicious firmware could be installed on the units.
  • Unencrypted traffic between the smart plugs and mobile devices.
  • Easy to capture the credentials of the network.
  • Weak default passwords like 12345678.

Once an attacker breached the network, they can connect to other devices in your home and view your photos, videos and personal details.

Beware before you buy

Most of the products available, including the two devices from the test, are easily bought online. This poses a huge threat for consumers, as hackers can modify the devices and resell them.

“Cyber criminals could very easily buy thousands of these devices, install malicious firmware, and list them on eBay for a little cheaper than the other suppliers. Every one of them purchased would then provide access to a new Wi-Fi network from which they could launch cyberattacks without the fear of being caught,” explains Richard Hughes, head of technical cybersecurity at A&O IT Group.

Not sure what to do now? There are safer plugs on the market which we recommend:

  • Amazon Smart Plug: A solid choice, but a little steep at $24.99 each. Around the holidays and other events, it can drop to $5 when bought with other Amazon products.
  • Kasa Smart Plugs: You can get a 4-pack of these reliable smart plugs for roughly the same price. Or you can grab a 2-pack for less.
  • Gosund Mini Smart Plug: At less than $10 each, these are a steal with thousands of positive reviews.

By clicking our links, you’re supporting our research. As an Amazon Associate, we earn a small commission from qualifying purchases. Recommendations are not part of any business incentives.

Keep reading

Review: An affordable outdoor smart plug that ticks all the boxes

Warning! These smart plugs can be hacked and start fires

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days