"Smart home" devices are becoming more common -- but not all of them are equipped with proper security, say experts.
But what about a hackable front-door lock, motion detector or security camera?
The bluetooth-controlled
Satis smart toilet was just one of the many connected devices that
security researchers hacked at the Black Hat and Def Con computer
security conferences in Las Vegas this week. They also opened front door
locks, hijacked power outlets, took over the hubs that coordinate all
the home-automation devices, and did some very creepy things with a toy
bunny.
Manufacturers are rushing
to connect everyday objects around the house to the Internet so people
can do things like control them with smartphones. It's already possible
to remotely turn lights off and on or put them on a timer. Motion
detectors can be connected to alarms, windows can text you when they're
opened, thermometers will know when you're home or away and adjust the
temperature accordingly. You can see a live stream of security cameras
in your house from halfway around the world using mobile apps.
There's even an oven that can be controlled with an Android app.
These devices are
commercially available now and they're making the smart home of the
future a reality, but researchers warn that security for these devices
isn't being taken seriously enough by manufacturers or the people buying
them.
The Jetstons never had to worry about an attack that turned Rosie the maid into a remote surveillance device, but we should.
In 2012, 1.5 million home
automation products were shipped in the U.S. That number is predicted
to soar to 8 million by 2017. One of the most popular wireless standards
for these home automation devices is Z-Wave, and an estimated 5 million
Z-Wave devices will be shipped this year in the United States.
A bunny goes bad
Security researchers say
that connecting anything to a network opens it up for attacks, and
they're eagerly testing smart devices to find flaws and inform
manufacturers.
Software engineer
Jennifer Savage bought a cute bunny toy called Karotz for her daughter.
The plastic bunny can be controlled from a smartphone app and is
outfitted with a video camera, microphone, RFID chip a speakers. After
testing the security of the toy, Savage was able to take control of the
it from a computer and remotely watch live video, turning it into an
unwitting surveillance camera.
The most obvious threat
seems to be home security devices. A smart door lock is designed be
opened with a PIN code or an app. Using a smartphone, you can change the
code from anywhere -- great for people with heavy Airbnb traffic.
At a Black Hat session,
Daniel Crowley demonstrated how a third party can hack into a front-door
lock and open it from a computer. He then asked for a random four-digit
number from the audience and successfully changed the lock's code.
Crowley says that smart-lock technology is still way too immature to
trust.
"If someone breaks into
your house and there's no sign of forced entry, how are you going to get
your insurance company back?" he said.
In another talk, Behrang
Fouladi and Sahand Ghanoun demonstrated a hack that opened a smart lock
that used the Z-Wave protocol. They said that these types of attacks
were difficult to detect and don't leave much of a trail and said that
by keeping their standards closed, Z-Wave made it difficult for security
researchers to find and report flaws early.
Many manufacturers were
responsive to the discoveries and are working to address the security
flaws. But as a stream new connected devices continues to pop up in
homes, so will new security holes.
Without increased
attention to security of connected devices, burglars of the future won't
need crowbars and ski masks. They could monitor your home network or
security cameras to see when you are out of the house, disable any
motion detectors and pop open the front door with a few lines of code.
My relatives always say that I am killing my time here at net, except
ReplyDeleteI know I am getting experience everyday by reading thes nice posts.
My website ... home foreclosures