02 August 2013

"Smart houses" may pose security risks

Exerpts from a column by a staff member at Forbes:
I can see all of the devices in your home and I think I can control them,” I said to Thomas Hatley, a complete stranger in Oregon who I had rudely awoken with an early phone call on a Thursday morning.

He and his wife were still in bed. Expressing surprise, he asked me to try to turn the master bedroom lights on and off. Sitting in my living room in San Francisco, I flipped the light switch with a click, and resisted the Poltergeist-like temptation to turn the television on as well.

“They just came on and now they’re off,” he said. “I’ll be darned.”...

Googling a very simple phrase led me to a list of “smart homes” that had done something rather stupid. The homes all have an automation system from Insteon that allows remote control of their lights, hot tubs, fans, televisions, water pumps, garage doors, cameras, and other devices, so that their owners can turn these things on and off with a smartphone app or via the Web. The dumb thing? Their systems had been made crawl-able by search engines – meaning they show up in search results — and due to Insteon not requiring user names and passwords by default in a now-discontinued product, I was able to click on the links, giving me the ability to turn these people’s homes into haunted houses, energy-consumption nightmares, or even robbery targets. Opening a garage door could make a house ripe for actual physical intrusion.
More at the link, via The Dish.

2 comments:

  1. Aaack. I have very unpleasant names for people who design systems without thinking about the security ramifications. What a nightmare.

    ReplyDelete
  2. Every time I've seen an ad for smart homes and the apps that can be used, I've cringed for just this reason. There is no way I want to leave my home vulnerable to a stranger's hacking skills. A remote for the TV is fine and I love my garage door opener, but I think I'll leave my home electronics stupid and feel safer.

    I'm going to go read the Forbes article.

    ReplyDelete