When ’Smart Homes’ Get Hacked: I Haunted A Complete Stranger’s House Via The Internet
2013 09 10
By Kashmir Hill | Forbes
“I can see all of the devices in your home and I think I can control them,” I said to Thomas Hatley, a complete stranger in Oregon who I had rudely awoken with an early phone call on a Thursday morning.
He and his wife were still in bed. Expressing surprise, he asked me to try to turn the master bedroom lights on and off. Sitting in my living room in San Francisco, I flipped the light switch with a click, and resisted the Poltergeist-like temptation to turn the television on as well.
“They just came on and now they’re off,” he said. “I’ll be darned.”
The home automation market was worth $1.5 billion in 2012 according to Reuters; there’s been an explosion in products that promise to make our homes “smarter.” The best known is Nest, a thermostat that monitors inhabitants’ activity, learns their schedules and temperature preferences and heats or cools the house as it deems appropriate. Many of these products have smartphone apps and Web portals that let users operate devices, cameras, and locks from afar. Getting to live the Jetsons’ lifestyle has downsides though; as we bring the things in our homes onto the Internet, we run into the same kind of security concerns we have for any connected device: they could get hacked.
Googling a very simple phrase led me to a list of “smart homes” that had done something rather stupid. The homes all have an automation system from Insteon that allows remote control of their lights, hot tubs, fans, televisions, water pumps, garage doors, cameras, and other devices, so that their owners can turn these things on and off with a smartphone app or via the Web. The dumb thing? Their systems had been made crawl-able by search engines – meaning they show up in search results — and due to Insteon not requiring user names and passwords by default in a now-discontinued product, I was able to click on the links, giving me the ability to turn these people’s homes into haunted houses, energy-consumption nightmares, or even robbery targets. Opening a garage door could make a house ripe for actual physical intrusion.
Thomas Hatley’s home was one of eight that I was able to access. Sensitive information was revealed – not just what appliances and devices people had, but their time zone (along with the closest major city to their home), IP addresses and even the name of a child; apparently, the parents wanted the ability to pull the plug on his television from afar. In at least three cases, there was enough information to link the homes on the Internet to their locations in the real world. The names for most of the systems were generic, but in one of those cases, it included a street address that I was able to track down to a house in Connecticut.
When I called, a “Craig” picked up the phone. He revealed that he has a side job as a consultant who helps install Insteon devices in people’s homes, and had been using the system himself for 10 years. I told him I could see (and probably control) his network and he became defensive.
“There’s a password, though,” he said testily. “I want potential customers to be able to see the system to know how it works. You can’t control them, you can just see them.”
I asked him if I could try to turn one of his devices on and off. He told me to turn off the light in the room he was in. After I did it, there was a pregnant pause. “Anything?,” I asked. He responded that nothing happened and rushed off the phone. I suspected he might be lying. The next day, Craig’s system was locked down, accessible only by username and password.
Read the full article at: forbes.com
Smart Devices That Make Life Easier May Also Be Easy To Hack
Hacker taunts child over baby monitor
US Gov War On Hackers Backfires: Now Top Hackers Won’t Work With US Government
Shodan: The scariest search engine on the Internet
Elite Hacker Barnaby Jack Murdered by NSA?
Hacker reveals email addresses of 1,350 Council on Foreign Relations members
Google Glass app will map your face to detect your emotions
Hackers Expose How Connected Toilets, Heaters and Lightbulbs Are at Risk
Monitoring the Elderly with CCTV and GPS: Relief or Repression?
Latest News from our Front Page
Pope Francis named Time’s ‘Person of the Year 2013’
2013 12 11
Pope Francis, the first Jesuit pontiff, elected nine months ago, was named Time magazine’s Person of the Year for 2013, leaving whistleblower Edward Snowden in second place, the magazine revealed on Wednesday.
The iconic title goes each year to the one chosen by prominent US magazine Time as the individual who had the most influence on the world and news over ...
Equal Opportunity Killing
2013 12 11
Nancy Pelosi called it the “selfie of the year": the group snapshot of the first four women to make it through Marine infantry training.
"Fearless," as Pelosi describes them. "Badasses," as onlookers have labeled them. Here is an acerbic quote from an article on Gawker:
These women have now definitively proven what fatuous Congressional oldsters for so long prevented other women from ...
(NOOOOOOOO!) JPMorgan files patent for Bitcoin-style payment system
2013 12 11
These guys never stop. I respect that about JP (in the way that I respect the Empire in Star Wars) and there is something to be said for an idea so disruptive that it attracts the sharks at JP.
But given this, if one doesn’t trust Bitcoin, don’t even consider trusting JPMorgan’s version of it.
(From The FT)
JPMorgan’s proposed system involves creating ...
New ‘Revelations’ on Kenya Mall Massacre: There were only FOUR shooters – who escaped alive
2013 12 11
21st Century Wire says…
From the onset, the Kenya Mall Massacre was riddled with odd circumstances and dramatised media coverage, so much so that it is very difficult not to skeptical about the official narrative of what happened, and who was involved. That narrative continues to unravel…
As 21Wire reported in late September, the attack which took place at the Westfields Shopping ...
Record outdoor radiation level that ‘can kill in 20 min’ detected at Fukushima
2013 12 11
Outdoor radiation levels have reached their highest at Japan’s Fukushima nuclear plant,warns the operator company.Radiation found in an area near a steel pipe that connects reactor buildings could kill an exposed person in 20 minutes,local media reported.
The plant’s operator and the utility responsible for the clean-up Tokyo Electric Power Company (TEPCO) detected record radiation levels on a duct which connects ...
|More News » |