Amazon Smart Plug
From Wiki-IoT
Classification
| Amazon Smart Plug | |
|---|---|
| Classification | |
| Grade | A- |
| Calculator version | [[:Category:Calculator v|]] |
| Classification date | |
| Information | |
| Name | Amazon Smart Plug |
| Brand by Parent | Amazon by Amazon.com, Inc. |
| Generation | 2 |
| Model(s) | B089DR29T6 (Current US Model) |
| Release date | 2018-09-12 |
| Type/Category | Smart Plug |
| Website | [1] |
| Status | In sale |
| More | |
| Dimensions | 76.2 x 38.1 x 55.9 mm |
| Mass | 86g |
| Operating system | Proprietary |
| Companion App | Amazon Alexa App |
| CPU | |
| GPU | N/A |
| Memory | |
| Storage | |
| Battery | None |
| Power | Plugs into a standard electrical outlet |
| Charging | N/A |
| Display | None (has a single LED indicator) |
| Camera | None |
| Sound | None |
| Connectivity | Wi-Fi IEEE 802.11 b/g/n, 2.4 GHz, Bluetooth Low Energy (for setup) |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | None | [2] | No public reports of specific hardware tampering vulnerabilities. As a simple, sealed device, physical attacks are not a primary threat vector for remote exploitation. |
| Known vulnerabilities | Rare | [3] | A vulnerability was discovered in 2020 that could expose the user's Wi-Fi password. Amazon patched this via an automatic firmware update. This demonstrates a history of vulnerabilities that are addressed by the vendor. |
| Prior attacks | None | [4] | While vulnerabilities have been found by researchers, there are no documented cases of these being used in widespread, successful attacks against users. |
| Updatability | Very common | [5] | Firmware updates are pushed automatically by Amazon over-the-air. The user does not need to take any action, ensuring security patches are applied in a timely manner. |
| Category score | 2 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Full | [6] | Deeply integrated into the Alexa ecosystem. Authentication is handled via the secure Amazon account and can be used in routines and commands with other Alexa-compatible devices. |
| Communications | Encrypted with up-to-date encryption | [7] | The plug connects to the local network using WPA2. All communications with the AWS (Amazon Web Services) cloud are encrypted using Transport Layer Security (TLS). |
| Storage | Encrypted with up-to-date encryption | [8] | The device itself stores minimal data. All configuration, schedules, and state information are stored securely and encrypted in the AWS IoT Core cloud platform. |
| Category score | 1 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Full | [9] | Managed entirely through the user's Amazon account, which provides robust options like password management, viewing logged-in devices, and enabling Two-Step Verification (2FA). |
| Authentication | Secure | [10] | Access is controlled via the Amazon account login. Enabling Two-Step Verification (2FA) on the account provides a secure authentication method for controlling the device via the app. |
| Brute-force protection | Exist | [11] | Protection is handled at the Amazon account level. Multiple failed login attempts will trigger CAPTCHAs, account lockouts, and notifications, effectively protecting against brute-force attacks. |
| Event logging | Partial logging | [12] | The Alexa app's Activity section logs voice commands used to control the plug. However, it does not provide a specific security log detailing which user or device triggered a manual on/off event via the app. |
| Passwords | Require change after setup with complexity requirements | [13] | The device itself has no password. It is controlled by the Amazon account, which requires a user-created password with certain complexity rules upon registration. There are no default credentials. |
| Category score | 2 | ||
| Grade | A- |
|---|
