Smart homes that let residents control alarms, locks and more over the internet are opening doors for crooks with hacker skills, according to computer security specialists.
Smart homes that let residents control alarms, locks and more over the internet are opening doors for crooks with hacker skills, according to computer security specialists."The smart home trend is growing, and it evolves quickly into a story of security,"says Trustwave Managing Consultant, Daniel Crowley."Connecting things to a network opens up a whole range of vectors of attack, andwhen you are talking door locks, garage doors, and alarm controls it gets scary."Crowley and Trustwave colleague David Bryan found security "pretty poor" on the homenetworking devices they studied."If someone can access your home network, but doesn't have a key to your home, theycan still unlock your door and get in," Crowley said of what he found in gear on themarket.Trustwave researchers will share their findings Thursday with peers at a the BlackHat security conference in Las Vegas and at the infamous Def Con hacker gatheringtaking place in that city through the weekend.A vulnerability of particular concern to the researchers was that once hackersjoined local home networks, perhaps through poorly protected wireless routers orusing malware slipped onto computers, they could control devices with no password orother authentication required."The fact that you need to be on someone's local network to exploit these things isnot as big a hurdle as you'd imagine," Crowley said.And the trend of providing people with smartphone applications for controlling smarthome devices while away means that crooks who hack into handsets could potentiallygrab the reins, according to the researchers.There are also ways to use computer "IP" numbers to figure out real-world addresses,and some smart home applications, themselves, reveal location information, accordingto Trustwave.Combing that capability with hacking tools could put an Internet age twist on homeburglaries, the researchers said."I don't think this will be something that enables the ordinary criminal to dosomething they weren't doing before," Crowley said."The big risk is that a compromise could give you access to hundreds of thousands ofhomes all at once; I could see that as an attack someone could actually use tolaunch a crime spree."