Burglars who want to break into a smart home will have insider help to disable your electronic security system. They can hack into your home’s Internet of Things (IoT) and use one of the interconnected smart devices to shut down the burglar alarm and open the electronic door lock, warned cyber security researchers.
By 2020, there will be around five smart home products for every human on the planet. Many of these computing devices are connected to each other through the Internet. Examples include electronic door locks, LEDs, refrigerators, and heating and air conditioning systems.
Researchers at the College of William & Mary reported that these smart devices have numerous security exploits. Some of these vulnerabilities are so bad, they can only be patched by revamping the way smart home platforms allow these products to talk with each other.
The researchers are cooperating with relevant companies to increase the security of smart home products. (Related: “Smart” homes of the future replacing role of biological PARENTS, thanks to creepy new Google patent for Big Brother system.)
A cyber attack on a smartphone or a computer is bad enough. But hacking a smart home is extremely threatening since it could put the occupants of the house in physical danger.
A smart home platform serves as the link between the physical and digital world. On the one hand, this makes it easier to automate various chores in the house. On the other hand, it also opens up your home to cyber attackers.
In their recently published study, the researchers tested two of the most widely used smart home platforms. These systems are built around a centralized data store that connects different kinds of apps and devices over the Internet.
The centralized data store holds the variables that have been set by the user. An app can write to the store to change the variable, which will be read by the device and executed.
The concept works like this: To deactivate an electronic smart lock, a user takes out his or her smartphone or tablet, brings up the smart home app, and selects the command to open the door. The app sends this command to the data store, which passes the message to the electronic lock, which then opens to let the user in.
Unfortunately, the centralized data store is a particularly juicy target for hackers. If an attacker can gain access to it, he or she could control all of the smart home products in the house. That includes the security systems, such as the alarms and the locks.
A hacker can access the data store by exploiting a smart home product with weak cyber security. Using that badly protected smart device as a gateway, the attacker can change the variable of a much better-protected and far more valuable product with no one the wiser for the change.
Hackers can use a third-party app for simple smart devices — like LED lighting and sprinklers — to turn off the burglar alarm, deactivate the security cameras, and open the electronic lock of the door. This kind of cyber attack is called a “lateral privilege escalation.”
The researchers warned that a burglar can disable the security system of a smart home with distressing ease. The hacker only needs to tap the same public internet network used by the owner of the smart home.
The researchers have warned companies about the security vulnerabilities of smart home platforms and centralized data stores. While some exploits have been fixed, it is still best to lock up your home the old-fashioned way.
Read InformationTechnology.news for more coverage of technology and its vulnerabilities.
Sources include:Submit a correction >>