Symantec Cybersecurity here…
I’m working with one of our white hat hackers to create a position paper on IoT and security. As a smart home owner, we used my SmartThings to show him what could be controlled if my account was compromised. It’s not good.
You guys really need to turn on two-factor authentication immediately. This is a simple addition to your product that will make all users who enable it virtually unhackable, and would defend against the social engineering attacks mentioned above.
Regardless of SE attacks, with Shellshock (bash bug), Sandworm (OLE), Poodle (SSL), and the recent acquisition of usernames and passwords (including millions from Gmail), my account could be compromised if someone tried my Gmail as username, and one of my passwords that is probably floating around on the black market. Luckily, I use unique passwords on every website, but 99% of people do not.
I’m happy to bring some of my researchers in to help you guys, but really, just turn on 2FA and make sure your SSL certs are up to par (we can help with that too). It’s time for you guys to take security seriously. You can’t afford to be the next headline, and none of us will tolerate being hacked or burglarized for that matter.