The Internet of Things and by extension, the connected home, is here. But is the world really ready for every facet of our daily lives to be connected to the internet? That smart toaster that notifies you via smartphone when your breakfast is ready might be a cool, convenient addition to your kitchen. But it’s a potential attack vector for hackers to breach your home network. And while it may be nothing more than a harmless prank for a hacker to reset your IoT-connected toaster to the “scorched earth” setting, the reality of this kind of security breach is much worse. Once an experienced hacker gets in thru the toaster, the home security system or front door lock could be their next targets.
That’s exactly what researchers discovered when testing out Samsung’s SmartThings IoT system of products. The test was conducted by computer scientists at the University of Michigan. What they found may come as shocking news to anyone considering outfitting a home with connected devices. The research team devised several exploits that worked against a SmartThing network by taking advantage of intrinsic flaws in the network’s design. One of the exploits was even able to extract the PIN from a connected door lock and send that PIN via text message to an outside recipient.
Most of the exploits were created by taking advantage of how Samsung’s SmartThings control apps interact with a network. Researchers were able to find multiple ways to intercept or redirect data being transmitted between these apps and the network. These processes made it possible to eventually gain entry to almost anything on the network.
It might be a good idea to hold off awhile on purchasing that shiny new SmartFridge. I suppose if you have only one device like this on your network, it could be OK. But once you’re adding door locks and security systems to your network, you’re potentially opening yourself up to these kinds of exploits.