University of Michigan researchers have developed a way to hack into the leading "smart home" automation system and get the PIN code to a home's front door.
The method, a "lock-pick malware app," was one of four attacks the researchers used on an experimental set-up of Samsung's SmartThings.
The researchers performed a security analysis of the SmartThings programming framework and conducted successful proof-of-concept attacks to show the impact of the flaws they found. For example, they demonstrated a SmartApp that eavesdropped on someone setting a new PIN code for the door lock, and then sent the PIN in a text message to a potential hacker. The app was disguised as a battery-level monitor and only expressed the need for that capability in its code.
The researchers also showed that an existing, highly rated SmartApp could be remotely exploited to virtually make a spare door key by programming an additional PIN into the electronic lock. A different SmartApp was shown to be able to turn off "vacation mode," which enables the user to program the timing of lights, blinds, and other household features to help secure the home while the owner is away.
The researchers note that one common security flaw is that the platform grants its SmartApps too much access to devices and to the messages those devices generate.
From University of Michigan News Service
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA