Smart homes allow you to connect different aspects of your home, including things like appliances, alarms, and sensors. Most find this concept alluring since you can control your appliances and home security remotely, allowing you peace of mind whether you are at home or away.
With the convenience provided by these smart home systems comes considerable risk. Some devices, while acting as a helpful tool, could end up hurting you if access to your system fell into the wrong hands.
In hopes to identify potential security risks and call attention to producers of smart home systems and devices, a team made up of Earlence Fernandes, Jaeyeon Jung, and Atul Prakash joined forces to look at different systems. The systems under study were those that were larger and more popular with consumers. They looked at common features, how devices interacted with each other, which third-party apps were supported, and most importantly, security features, among other aspects.
From this study, two major flaws were found:
Akin to your smartphone asking for permission to access certain things on your phone, certain smart home devices and apps can access different functions with your permission. The problem therein lies in how these functions are grouped together.
For example, if an app can automatically lock a door after 9pm, it likely has the privilege to unlock it, although that function is not necessary. The app developer cannot ask for permission to lock a door without the ability to unlock it.
Most apps have access to more functions than they need, putting your security at risk.
Because devices and apps can communicate through messaging (think instant messenger), sensitive data sent through this system can be vulnerable. For example, a door lock’s PIN code may be sent in a message. Since these messages are not entirely secure, any software that has the most basic access to your device can receive all the messages that the device generates or receives.
Other apps can also “impersonate” smart home equipment, in that, they can send messages that look like messages sent from real smart home devices. The phony app could possibly read and steal the network’s ID and then create a message.
Testing The Flaws
The team of researchers then created four different attacks to show how attackers could use the aforementioned flaws to their advantage.
For the first attack, they created an app that’s purpose was to simply monitor battery levels of various wireless devices around the home. However, after a user downloads the app, it can be reprogrammed to monitor other messages sent by those devices.
In the second attack, they were able to listen to the supposedly secure messages between an app and its companion mobile device. The team was able to impersonate the mobile device and send commands to the app, such as creating a new PIN which would give an attacker access to your home.
The third and fourth attacks involved disabling and enabling different functions. For example, a custom app could disable “vacation mode,” which allows the system to turn lights on and off to make the home seem as if it is occupied. Another app was able to falsely trigger a fire alarm by acting as a carbon monoxide monitor.
Just because smart home systems currently have security flaws does not mean these systems and the Internet of Things do not have great potential. As of now, if you are considering adopting a smart home system, much like anything else, proceed with caution. You might want to think twice about giving third party apps access to your devices, and do some research on the security of the system you choose.
As security and technology improves with these systems, the Internet of Things and smart home systems will likely see much wider adoption. This could eventually lead to better quality of living.
Have you considered adopting a smart home system now or in the future? Do you currently employ any smart home devices? Share your thoughts and experiences with us on Facebook, Google+, Twitter, or Pinterest.
For an excellent selection of security cameras, CCTV surveillance packages, security equipment, and more, please visit SecurityCamExpert.com. If you have any questions, please call 1-888-203-6294.