Sign In

Communications of the ACM

ACM TechNews

Hacking Into Homes: 'smart Home' Security Flaws Found in Popular System

View as: Print Mobile App Share:
Elements of a smart home.

Researchers have developed a way to hack into the leading smart home automation system.

Credit: Shutterstock

University of Michigan researchers have developed a way to hack into the leading "smart home" automation system and get the PIN code to a home's front door.

The method, a "lock-pick malware app," was one of four attacks the researchers used on an experimental set-up of Samsung's SmartThings.

The researchers performed a security analysis of the SmartThings' programming framework and conducted successful proof-of-concept attacks to show the impact of the flaws they found. For example, they demonstrated a SmartApp that eavesdropped on someone setting a new PIN code for the door lock, and then sent the PIN in a text message to a potential hacker. The app was disguised as a battery-level monitor and only expressed the need for that capability in its code.

The researchers also showed an existing, highly rated SmartApp could be remotely exploited to virtually make a spare door key by programming an additional PIN into the electronic lock. A different SmartApp was shown to be able to turn off "vacation mode," which enables the user to program the timing of lights, blinds, and other household features to help secure the home while the owner is away.

The researchers note one common security flaw is the platform grants its SmartApps too much access to devices and to the messages those devices generate.

From University of Michigan News Service
View Full Article


Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account