Burglars Could Hack Your Smart Sprinkler to Disable Alarm

Image

Access Charleston has one goal and that is to increase safety for our readership. Our subcribers are most important to us.  Millions of dollars have been put into devices like security cameras and door locks to make them impenetrable, but people haven’t paid the same attention to low-integrity devices such as light switches. Logically speaking, there shouldn’t be a way for a message to go from a light switch to a security camera, even indirectly. However, that’s not always the case. Most smart home platforms, operate by using a centralized data store. The data store serves as a kind of switchboard, which apps and devices use to communicate with each other over the internet. Sounds complicated but follow me thanks.

The problem simply explained, is a data store-based system can provide potential hackers the ability to access all devices in your home, from light switches to security alarms. An adversary can compromise one low-integrity product, like a sprinkler or a third-party lighting app, and modify a data store variable that another high-integrity product, such as a security alarm, depends on. This can have a whole host of unwanted consequences.

So Oscar what is the solution? The challenge comes in having to look at your environment as a whole, when there isn’t exactly one main problem or flaw. What you see with smart homes can become a systemic failure, many different bits and pieces coming together to create flaws.

For example, an adversary may compromise a light switch app and modify a variable that makes the security camera turn off when a burglary is in process. Such an attack is called a lateral privilege escalation, where one uses a low-integrity device to compromise any high-integrity devices that connect to the same smart home.

There is so much you can do as a hacker in the context of defeating your home or business system. Vigilance is the key. For many years I was a Home Fire and Life Safety Expert.

Oscar Smith, Editor





I'm interested
I disagree with this
This is unverified
Spam
Offensive