Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Black Hat

‘Smart’ Homes Open doors to Hackers

Smart homes that let residents control alarms, locks and more over the internet are opening doors for crooks with hacker skills, according to computer security specialists.

“The smart home trend is growing, and it evolves quickly into a story of security,” Trustwave managing consultant Daniel Crowley told AFP.

Smart homes that let residents control alarms, locks and more over the internet are opening doors for crooks with hacker skills, according to computer security specialists.

“The smart home trend is growing, and it evolves quickly into a story of security,” Trustwave managing consultant Daniel Crowley told AFP.

“Connecting things to a network opens up a whole range of vectors of attack, and when you are talking door locks, garage doors, and alarm controls it gets scary.”

Crowley and Trustwave colleague David Bryan found security “pretty poor” on the home networking devices they studied.

“If someone can access your home network, but doesn’t have a key to your home, they can still unlock your door and get in,” Crowley said of what he found in gear on the market.

Trustwave researchers will share their findings Thursday with peers at a the Black Hat security conference in Las Vegas and at the infamous Def Con hacker gathering taking place in that city through the weekend.

A vulnerability of particular concern to the researchers was that once hackers joined local home networks, perhaps through poorly protected wireless routers or using malware slipped onto computers, they could control devices with no password or other authentication required.

“The fact that you need to be on someone’s local network to exploit these things is not as big a hurdle as you’d imagine,” Crowley said.

Advertisement. Scroll to continue reading.

And the trend of providing people with smartphone applications for controlling smart home devices while away means that crooks who hack into handsets could potentially grab the reins, according to the researchers.

There are also ways to use computer “IP” numbers to figure out real-world addresses, and some smart home applications, themselves, reveal location information, according to Trustwave.

Combing that capability with hacking tools could put an Internet age twist on home burglaries, the researchers said.

“I don’t think this will be something that enables the ordinary criminal to do something they weren’t doing before,” Crowley said.

“The big risk is that a compromise could give you access to hundreds of thousands of homes all at once; I could see that as an attack someone could actually use to launch a crime spree.”

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Black Hat

Black Hat 2019 recently wrapped in Las Vegas, where somewhere between 15,000 and 20,000 experts descended to experience the latest developments in the world...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.