Smart Doesn’t Equal Secure: The Orvibo Leak and Security in IoT Devices

By 2025, the number of IoT devices is expected to expand to a whopping 21.5 billion. 21.5 billion devices that are constantly connected to the Internet while containing information that you may deem personal. It’s scary, but kind of cool. My fridge can know my name! Completely useless but awesome at the same time!


However, devices carrying your personal information should ring some alarms in your head. How much do you actually know when it comes to how your Alexa or smart toaster works? Do you know what information it’s collecting? How it’s collecting the information?

Probably not. It’s not something that Amazon or Google are quick to advertise. However, there are people who do know the information that’s being collected, and some of these people see an opportunity for personal gain. Your information is about to become theirs, and this is where Orvibo enters the room.

1. Orvibo, the Company You Didn’t Know Existed

A couple of hacktivists from vpnMentor, Noam Rotem and Ran Locar, discovered that there has been a massive breach concerning user records stored by Orvibo, a management platform dedicated to IoT devices.

This type of story happens all the time, but it’s the details that turn this story from yet-another leak story to a horrifying piece of journalism.

According to the two hacktivists, Orvibo left a user database open to the public Internet without a password requirement. You didn’t need a password to open a whole user database!

If that wasn’t bad enough, it turns out that this user database contained over two billion logs of data. This data varies, ranging from simple account reset histories to conversations that had been recorded by a smart camera.

Let’s hold off on the pitchfork and torch march for a second and look at who Orvibo is and what an IoT-management platform actually does.

2. Managing Expectations

The Internet of Things works on the basis that everything is connected to a cloud. These clouds make up a web of devices, which becomes the Internet of Things. No cloud, no web, which means no Internet of Things.

Orvibo claims to have over a million users on their platform, so it’s strange that we may have never heard about them until now. Then again, no one really pays attention to the behind-the-scenes of products, only the final product.

Orvibo has attempted to market themselves as better than other clouds by bragging about the safety of the data that passes through their cloud. Turns out, they may need to rebrand themselves a bit.

3. Security of IoT Devices

Orvibo’s slip-up is huge, but it would be idiotic to say that it will be the last, or even the biggest. IoT devices have been heavily criticized for the lack of good security implementation, and Orvibo is only one example.

Remember the statistic I mentioned earlier? The one about there being 21.5 billion IoT devices by 2025? Imagine there being that many devices, constantly collecting and storing data, all without proper security implementations.

The main issue is that there’s not really a standard for security in the IoT industry. The only reason security has improved on phones or desktops is because OS developers like Microsoft or Apple worked to create a standard of security and privacy that can be improved upon. IoT is missing that; there’s no structure in how security is set up.

Of course, this leads to incidents like Orvibo’s. As the number of IoT devices grows, so does the number of our concerns. We’re entering a world where a good password and reliable VPN router setup can’t protect you from most dangers. Devices are getting smarter, and so are the cybercriminals that study them. It’s important that we stay ahead of the game, but companies have to do it first. Keep that in mind.

