Pradeo Lab looked at a representative sample of 100 mobile applications used to control a variety of IoT devices, including thermostats, electric blinds, and baby monitors. An alarming 80% of the tested apps contained vulnerabilities, with an average of 15 flaws discovered per application. 15% of those vulnerabilities could lead to a man-in-the-middle attack, say researchers. 8% of applications (approximately one in 12) phoned home or connected to uncertified servers. Some have expired and are available for sale, opening opportunities for a malicious actor to buy them up in order to access any data received.”]