Smart devices are quickly moving out of our hands and laps and surrounding us in our homes. In 2012, the home automation market was worth $1.5 billion, and is only expected to grow. These devices offer consumers undeniable convenience, such as controlling the temperature of a home from a smartphone. But like all things connected to the web, smart home devices are susceptible to the same kinds of attacks as home computers.
The news has documented a few cases of devices overtaken by nefarious individuals. These attacks have exposed some lax security measures taken by companies, and hopefully they will make consumers more aware before connecting their devices to the “Internet of Things.”
Luckily, there are companies looking out for consumers. Various security conventions, like Def Con and Black Hat, have allowed researchers to test and expose flaws within smart home systems and devices. These flaws are user-related (i.e. no username/password on Wi-Fi networks) as well as on the product side.
In Ohio, a couple awoke to a man’s voice; it was coming from their child’s room. The mother checked her phone, which had an app connected to the baby camera. The video feed showed the camera was moving, and she wasn’t moving it. When she and her husband ran to their child’s bedroom, they heard a man screaming “Wake up baby” over and over. Then the camera pointed at them and the man at the other end started shouting at the disoriented parents.
A diabetic and geek found that he could manipulate his insulin pump remotely – a dangerous notion if the information was in the wrong hands. Thankfully, an attacker targeting his particular insulin pump would need to be within 200 feet of him to trigger the pump with a radio signal, and to physically access the pump to obtain the serial number. However, the author warns about future insulin pumps under the “Artificial Pancreas Project” that would be completely based on a computer program. He believes it’s “a step in the right direction for the treatment of diabetes. The security, however, around the devices should be looked at more closely and it should not be done as an afterthought.”
Trustwave SpiderLabs Security found that it could access the LIXIL Satis Toilet. The team found that anyone with the “My Satis” Android app could pair with and control any Satis Toilet over Bluetooth. While this is small potatoes compared to hackable medical devices, in the wrong hands it could still result in some uncomfortable surprises with the bidet and a high water bill.
Belkin WeMo Home Automation
Belkin’s WeMo Home Automation system connects to the internet, so you can control just about any of your home electronic devices while you’re abroad. These devices include LED bulbs, light switches, outlets, baby monitors, motion sensors, slow cookers, and more. While only a legitimate user should be able to access and control these Internet of Things devices, a team at IOActive found severe security flaws, enough that they were able to take full control of any of the devices within Belkin’s WeMo family.
Insteon home electronics
What happens when a company doesn’t require a username and password for a system? It gets hacked. Kashmir Hill, a reporter at Forbes, “haunted” a few people’s homes, calling them to confirm that she could indeed turn their lights on and off. She could have gone further, accessing everything from TVs to garage doors. This invasion was all achieved by a simple Google search for these systems, which revealed a list of homes, eight of which she was able to access.