When íSmart Homesí Get Hacked: I Haunted A Complete Strangerís House Via The Internet
By Kashmir Hill | Forbes
ďI can see all of the devices in your home and I think I can control them,Ē I said to Thomas Hatley, a complete stranger in Oregon who I had rudely awoken with an early phone call on a Thursday morning.
He and his wife were still in bed. Expressing surprise, he asked me to try to turn the master bedroom lights on and off. Sitting in my living room in San Francisco, I flipped the light switch with a click, and resisted the Poltergeist-like temptation to turn the television on as well.
ďThey just came on and now theyíre off,Ē he said. ďIíll be darned.Ē
The home automation market was worth $1.5 billion in 2012 according to Reuters; thereís been an explosion in products that promise to make our homes ďsmarter.Ē The best known is Nest, a thermostat that monitors inhabitantsí activity, learns their schedules and temperature preferences and heats or cools the house as it deems appropriate. Many of these products have smartphone apps and Web portals that let users operate devices, cameras, and locks from afar. Getting to live the Jetsonsí lifestyle has downsides though; as we bring the things in our homes onto the Internet, we run into the same kind of security concerns we have for any connected device: they could get hacked.
Googling a very simple phrase led me to a list of ďsmart homesĒ that had done something rather stupid. The homes all have an automation system from Insteon that allows remote control of their lights, hot tubs, fans, televisions, water pumps, garage doors, cameras, and other devices, so that their owners can turn these things on and off with a smartphone app or via the Web. The dumb thing? Their systems had been made crawl-able by search engines Ė meaning they show up in search results ó and due to Insteon not requiring user names and passwords by default in a now-discontinued product, I was able to click on the links, giving me the ability to turn these peopleís homes into haunted houses, energy-consumption nightmares, or even robbery targets. Opening a garage door could make a house ripe for actual physical intrusion.
Thomas Hatleyís home was one of eight that I was able to access. Sensitive information was revealed Ė not just what appliances and devices people had, but their time zone (along with the closest major city to their home), IP addresses and even the name of a child; apparently, the parents wanted the ability to pull the plug on his television from afar. In at least three cases, there was enough information to link the homes on the Internet to their locations in the real world. The names for most of the systems were generic, but in one of those cases, it included a street address that I was able to track down to a house in Connecticut.
When I called, a ďCraigĒ picked up the phone. He revealed that he has a side job as a consultant who helps install Insteon devices in peopleís homes, and had been using the system himself for 10 years. I told him I could see (and probably control) his network and he became defensive.
ďThereís a password, though,Ē he said testily. ďI want potential customers to be able to see the system to know how it works. You canít control them, you can just see them.Ē
I asked him if I could try to turn one of his devices on and off. He told me to turn off the light in the room he was in. After I did it, there was a pregnant pause. ďAnything?,Ē I asked. He responded that nothing happened and rushed off the phone. I suspected he might be lying. The next day, Craigís system was locked down, accessible only by username and password.
Read the full article at: forbes.com
Smart Devices That Make Life Easier May Also Be Easy To Hack
Hacker taunts child over baby monitor
US Gov War On Hackers Backfires: Now Top Hackers Wonít Work With US Government
Shodan: The scariest search engine on the Internet
Elite Hacker Barnaby Jack Murdered by NSA?
Hacker reveals email addresses of 1,350 Council on Foreign Relations members
Google Glass app will map your face to detect your emotions
Hackers Expose How Connected Toilets, Heaters and Lightbulbs Are at Risk
Monitoring the Elderly with CCTV and GPS: Relief or Repression?
Latest News from our Front Page
Better Identification of Viking Corpses Reveals: Half of the Warriors Were Female
Shieldmaidens are not a myth! A recent archaeological discovery has shattered the stereotype of exclusively male Viking warriors sailing out to war while their long-suffering wives wait at home with baby Vikings. (We knew it! We always knew it.) Plus, some other findings are challenging that whole ‚Äúrape and pillage‚ÄĚ thing, too.
Researchers at the University of Western Australia decided ...
Off Your Knees, Germany! Ernst Zundel 1983 - 2003
For more information on the holocaust, how the war was forced upon Germany, and the REAL victims of the second world war see:
IRS Drops Attack For Six Years ‚Äď No Evidence of Jurisdiction
A big congrats to a friend I‚Äôve been working with for several years, he stood up to the predators commonly called the ‚ÄúIRS‚ÄĚ and they dropped their attack. Thanks also for providing me with the proof below.
The criminals called the ‚ÄúIRS‚ÄĚ initiated an attack claiming my friend was required to file six tax returns, or explain how he made ...
Into Eternity - Finland's 100,000 Year Massive Underground Spent Nuclear Fuel Program
Into Eternity is a documentary about a deep geological repository for nuclear waste. The concept of long-term underground storage for radioactive waste has been explored since the 1950s. The inner part of the Russian doll-like storage canisters is to be composed of copper. Hence in the case of Onkalo it is tightly linked to experiments on copper corrosion in running ...
SPLC Accuses Oath Keepers of Inciting ‚ÄúArmed Confrontation‚ÄĚ Over Sugar Pine Mine
The Southern Poverty Law Center has accused Oath Keepers of inciting an armed confrontation with BLM authorities over the Sugar Pine Mine dispute in Oregon, despite the fact that the organization has explicitly stated that it is not promoting armed confrontation with the feds.
In an article provocatively posted on the organization‚Äôs ‚ÄėHatewatch‚Äô section entitled Oath Keepers Descend Upon Oregon with ...
|More News » |