Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Smart home hacking is easier than you think

Colin Neagle | April 6, 2015
Scary stories of hacking Internet of Things devices are emerging, but how realistic is the threat?

Internet of Things hack security smart home

Last March, a very satisfied user of the Honeywell Wi-Fi Thermostat left a product review on that shed some light on an unexpected benefit of the smart home -- revenge.

The reviewer wrote that his wife had left him, and then moved her new lover into the home they once shared, which now featured the Honeywell Wi-Fi thermostat. The jilted ex-husband could still control the thermostat through the mobile app installed on his smartphone, so he used it to make the new couple's lives a little less happily ever after:

"Since this past Ohio winter has been so cold I've been messing with the temp while the new love birds are sleeping. Doesn't everyone want to wake up at 7 AM to a 40 degree house? When they are away on their weekend getaways, I crank the heat up to 80 degrees and back down to 40 before they arrive home. I can only imagine what their electricity bills might be. It makes me smile. I know this won't last forever, but I can't help but smile every time I log in and see that it still works. I also can't wait for warmer weather when I can crank the heat up to 80 degrees while the love birds are sleeping. After all, who doesn't want to wake up to an 80 degree home in the middle of June?"

In the past year, more than 8,200 of the 8,490 Amazon users who have read the review deemed it "useful."

Colby Moore, a security research engineer at security firm Synack who has tested smart home products for vulnerabilities, says some of these products still feature the kinds of inherent vulnerabilities similar to the one described in that review. And even some of the devices that are capable of resetting users or credentials fail to make it simple enough for the everyday consumer.

"I would say on leading products, you can reset users, you can reset credentials and things like that," Moore says. "The problem is that some of this stuff starts to get kind of technical, and I think that's where a lot of these vulnerabilities come down, at least currently. The manufacturers don't design them securely, and rely on the end user to secure them."

For example, many customers don't even think to change passwords on smart home devices because they may not even consider them technology products that can be hacked like a PC. That's how more than 73,000 internet-connected cameras were found to be streaming their footage on the web in November. Customers never changed the default passwords, many of which are available online as basic product information, and unwittingly allowed hackers to stream the private footage from cameras that they had initially purchased to feel safer.


1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.