[SMART HOME] Orbivo’s data is leaking!

      The Chinese manufacturer of connected home devices has been the victim of a leak of confidential data from its users since mid-June 2019. The SmartMate platform is operated by Orvibo and manages the connected household appliances and connected materials for the home (cameras, bulbs, locks…). Orvibo therefore misconfigured one of its servers that contained connection details to all connected objects. This server remained connected to the Internet and was accessible without a password. This leak was identified in mid-June by vpnMentor. Although the latter has contacted the Chinese manufacturer, Orvibo remains silent and the server remains freely accessible. In addition, updates are also made with new confidential user data. The data involved are similar to emails, IP addresses and even encrypted passwords. The latter do not only come from China, but from all over the world. Finally, according to vpnMentor, said the encryption is easy to decipher and that the devices can be controlled remotely. In addition, the server contains password reset request codes, allowing hackers to access user accounts.