Nerd For Tech
Published in

Nerd For Tech

Orvibo Data Breach

Threat Intelligence Report

source

The amount of IoT devices is growing at an exponential rate along with the specific user data collected by these devices. Smart home devices are projected to be 1.94 billion by year 2023. (Pymnts) The internet of things (IoT) provides several benefits such as convenience, improved operation processes, data collection and more. IoT devices are flooding the marketplace and do not have proper security implemented into the data storage, software, and hardware. This is a rising security and privacy concern for users and businesses. The purpose of this report is to focus on the details of the 2019 Orvibo data breach. The presentation will cover an outline of Orvibo as a company, data breach details, discovery, and what can be done to prevent this from happening again.

The Chinese smart home manufacture Orvibo is based out of Shezen, China. The company manufactures 100 different smart home or smart automation products such as security cameras, smart locks, HVAC, and full smart home kits. (Rotem) Orvibo runs a platform for managing all the smart home devices. Orbivo has impacted the smart device market by its innovative products and services. The products are primarily used in homes, hotels, and businesses. The data breach leaked over 2 billion records. The records include users from all around the world including the US and UK. (Pymnts)

The data breach was discovered by researchers at virtual Private Network (VPN) and vpnMentor. They discovered a publicly available database that belonged to Orvibo. Despite several attempts to contact Orvibo since June 16, 2020, the database was not closed till July 2, 2020 and later patched. The incident occurred because the internet-facing-database platform SmartMate was not password protected. The data was easily accessible and contained email addresses, account reset codes, usernames and passwords, smart device info, and precise geolocation. (Rotem) The data stored within SmartMate was not properly stored allowing for attackers to easily decrypt the user data. “A breach of this size has massive implications because much of the data can be pieced together both to disrupt a person’s home while possibly leading to further hacks” (Ashford).

The use of data IoT devices are only going to increase in the future. There is significant potential revenue for IoT devices and services, but it is important to take the proper security precautions in order to protect customer data, business reputation, and to ensure financial stability. It is crucial to properly secure servers and all internet facing infrastructure. Proper access rules need to be implemented and data should be stored properly. It is recommended to change all default password and usernames for all applications and services and implement industry best practices. This data breach could have easily been prevented if proper security measures were put into place. A security incident similar can have business affects. For example, if the operating equipment or security systems are compromised, the entire business network can be taken offline leading to a direct loss in revenue and customer trust. The probability of a data breach occurring is increasing due to online cloud infrastructure and business operations, manufacturing, and monitoring being controlled remotely. Proper implementation of secure IoT devices within a business is crucial to prevent and mitigate damages if a data breach were to occur.

Sources:

Ashford, Warwick. “Orvibo Data Leak Puts Security Spotlight on IoT Back End.” ComputerWeekly.com, ComputerWeekly.com, 2 July 2019, www.computerweekly.com/news/252466128/Orvibo-data-leak-puts-security-spotlight-on-IoT-back-end.

Pymnts. “Smart Home Device Sales To Hit 1.94B By 2023.” PYMNTS.com, PYMNTS 60 60 PYMNTS.com, 7 June 2018, www.pymnts.com/news/retail/2018/smart-home-device-sales-smartphones-analytics/.

Rotem, Noam, and Ran Locar. “Report: Orvibo Smart Home Devices Leak Billions of User Records.” VpnMentor, VpnMentor, 2019, www.vpnmentor.com/blog/report-orvibo-leak/.

vpnMentor. Report: Orvibo Smart Home Devices Leak Billions of User Records, VpnMentor, July 2019, www.itbusinessnet.com/2019/07/report-orvibo-smart-home-devices-leak-billions-of-user-records/.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Tanner Jones

Tanner Jones

I am passionate about technology and I am curious of how things work. I write to learn and help others learn about a variety of topics. I love the outdoors!