Hacking the “smart” home

On TV, advertisements show people using their mobile devices, including Smart Phones and iPads, to unlock doors, monitor cameras inside homes, and change settings on appliances inside homes so conveniently.

Being promotional pieces, they do not reveal the downsides.

Former CIA director James Woolsey said in 2011,

What they’re doing now, they’re constructing what they call a “Smart Grid.” And they’re going to make it easier for you and me to call our homes on our cell phone and turn down our air-conditioning on a hot afternoon if we’re not there. Great, but that may well mean that a hacker in Shanghai with his cell phone could do the same thing or worse. And a so-called “Smart Grid” that is as vulnerable as what we’ve got is not smart at all, it’s a really, really stupid grid. (1)

Last year, Forbes ran the story “When ‘Smart Homes’ Get Hacked: I Haunted A Complete Stranger’s House Via The Internet”.

The Hatleys’ home was at my command after a Google search

“I can see all of the devices in your home and I think I can control them,” I said to Thomas Hatley, a complete stranger in Oregon who I had rudely awoken with an early phone call on a Thursday morning.

He and his wife were still in bed. Expressing surprise, he asked me to try to turn the master bedroom lights on and off. Sitting in my living room in San Francisco, I flipped the light switch with a click, and resisted the Poltergeist-like temptation to turn the television on as well.

“They just came on and now they’re off,” he said. “I’ll be darned.”

The home automation market was worth $1.5 billion in 2012 according to Reuters; there’s been an explosion in products that promise to make our homes “smarter.” The best known is Nest, a thermostat that monitors inhabitants’ activity, learns their schedules and temperature preferences and heats or cools the house as it deems appropriate. Many of these products have smartphone apps and Web portals that let users operate devices, cameras, and locks from afar. Getting to live the Jetsons’ lifestyle has downsides though; as we bring the things in our homes onto the Internet, we run into the same kind of security concerns we have for any connected device: they could get hacked.

 …Thomas Hatley’s home was one of eight that I was able to access. Sensitive information was revealed – not just what appliances and devices people had, but their time zone (along with the closest major city to their home), IP addresses and even the name of a child

… I could have wreaked serious havoc with this home. (2)

What are the possibilities of a home that allows remote control to lights, hot tubs, fans, televisions, water pumps, thermostats, garage doors, cameras, ovens, or a host of other “smart” devices?

An article in the news recently profiled a baby monitor that had been hacked.(3) And the hacker could see and talk to the children.

They heard a strange voice in the bedroom, shared by their two toddlers. When they got there, they realized the voice was coming from the Web camera they use to keep tabs on the children.

What they heard was ugly.

“He said, ‘Wake up, Allyson, you little slut,’” Gilbert said.

When he and his wife Lauren arrived, the camera swiveled to face them. The hacker proceeded to call him a “stupid moron” and his wife a bitch, Gilbert said, before he unplugged the camera.

How “convenient” is it when unknown entities can see the children and adults living in a home?

How connected do you want an outsider to be to your oven, your sprinkler system, or your home security system?

Pranksters, former spouses, people with a grudge, as well as child molesters, stalkers, burglars, and the government are examples of those who will have much easier access to your home and everything and everyone precious to you if you are part of this networked system.

Is that a risk you want to take?

 

Sources:

(1) http://www.energynow.com/video/2011/08/13/guarding-grid-08142011

(2)  http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/  for the complete article and photos

(3) http://www.cnn.com/2013/08/14/tech/web/hacked-baby-monitor/

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.