Last week, the Black Hat conference was held in Las Vegas. The conference name is a bit of a misnomer as most presenters and attendees are white hat. Browsing through the conference topics, it was noticeable the number of hacking attacks on components of a smart house. In this age of the Internet of Things, hacking is not limited to PCs, smartphones and tablets. As aspects of the home are increasingly software controlled and connected to the internet, so the hacking attack surfaces are expanded.
Features built into the home to increase security, are often points exposing the most serious vulnerabilities. This includes smart door locks, garage locks, surveillance cameras, lights, and home alarm systems. The trend of providing access to home security devices through smart phone apps, can introduce attack vectors. The home burglar of the future could well be equipped with software hacking techniques.
In addition to security features, home temperatures and lighting are also software controlled and internet-connected in the smart home. Many of these smart devices use the home wi-fi network for control. Breaking into this wi-fi network is an obvious attack route for a hacker.
The current generation of smart TVs are susceptible to hacking where their cameras and microphones can be manipulated enabling the hacker to watch and listen to those watching the TV. Researchers at the Black Hat conference showed that the TV’s browser and Skype were potential attack vectors.
Even toilets can now be hacked. The Satis is a smart toilet. The actions of its lid opening and closing, toilet flushing, and the activation of the bidet and air dry functions, are all software controlled and connected. The toilet even plays music! This puppy has so many bells and whistles that even Thomas Crapper would be impressed. The Satis can be controlled by a smartphone app. Trustwave discovered that this app has a hardcoded PIN of “0000”. So anyone can download the app and remotely control the toilet functions, no doubt causing alarm to anyone who happens to be a legitimate user at the time.
Typically, when innovation creates new products controlled by software or connected to the internet, security is only an afterthought in the first generation of products. Manufacturers are generally not experts at software security and are driven to get their new shiny smart widgets to market quickly. Software control and internet connectivity increases the attack surface dramatically. It is only after security exposures or breaches that smart widget manufacturers begin to place high priority on making their products secure from hacking.