With the allure of simplifying your life by connecting your home to the Internet–with things like smart appliances, digital door locks, remotely accessible security cameras, and the ability to monitor and shut off your water or electricity from anywhere there is Internet connectivity–users should consider the unintended consequences of hacking. As consumers begin eyeing adding connectivity to appliances and their home in a move dubbed the Internet of things as an extension of their smartphone experience, researchers are cautioning that manufacturers and the home automation industry hasn’t quite thought through the security implications.
One way to automate the home is to send signals over a home’s power lines. The problem, as Wired reported from the DefCon security conference, is that that the signals are sent unencrypted.
This means that someone can connect a sniffer device to the broadband power network through an electrical outlet and sniff the signals to gather intelligence about what’s going on in a building where the systems are installed – such as monitor the movements of people in houses where security systems with motion sensors are enabled. They can also send commands through the network to control devices that are connected to it — for example, to turn lights on or off or to disable alarms and security cameras.
Researchers demonstrated that they can take over a home automation network by creating sniffing boxes. These boxes can be plugged into the home power outlet either inside or outside the home. It can also even plugged into a neighbor’s power outlet and detect signals from nearby homes as there is some signal leakage. One researcher said he was able to pick up on home automation networks from 15 nearby neighbors from within his house.
For consumers, this could spell a security disaster. Home automation systems are designed to protect your home when you’re gone. And users can even turn on and off their lights to give the impression that they’re home when they’re traveling to deter would-be thieves. However, thieves could gain access to a home and detect, based on the signal and what’s being turned on or off, if the home owners are present. They can even jam and unlock locks that are connected to the Internet. And hackers could even access and control your home cameras to monitor you when you’re at home.
The video below shows two researchers talking about the pitfalls of home automation at this time to SC Magazine:
Security problems with home automation will only get bigger as more players enter the market to try to get consumer business. AT&T has launched its Digital Life initiative in select markets that would allow users to secure and monitor their homes remotely thanks to Internet connectivity, and cable TV provider Time Warner is also entering this market to allow users more control of their homes through their connected smartphones or tablets. New locks such as the Lockitron, August, and Kwikset Kevo locks aim to give users more flexibility of unlocking their doors by sending remote codes to the lock. This affords homeowners the convenience of letting in repair or maintenance people while they’re at work, but the downside as we’re learning is that these locks can get hacked. Even Google at one time had high hopes of conquering this emerging space.