How Smart Homes Face Increasing Risk From Hackers
But old-fashioned dwellings may be preferable if the future means hackers will try to use our smart homes against us. If that becomes a thing, owning a smart home could start to seem pretty stupid.
It's happening already. Earlier this year, some Ohio parents found that a hacker had infiltrated their baby monitor and was yelling at their 10-month-old; last year, something similar happened with a two-year-old in Texas. Also in 2013, Miss Teen USA, Cassidy Wolf, discovered that a hacker%VIRTUAL-pullquote-"It could be a guy sitting in a car parked in your driveway, and he turns off your alarm, and then he goes into your house and robs you. Or it can be downright orneriness, like causing a toilet to be continuously flushed."% used her webcam to obtain photos of her undressing in her bedroom. (The hacker, who turned out to be a former classmate, was recently sentenced to 18 months in prison.)
And several months ago, Proofpoint, a vendor of data protection services, said it discovered a hack that utilized "more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multimedia centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks."
In other words, instead of using your email and computer router to send spam, a hacker could potentially use the software that opens your garage door to send thousands of malicious emails.
If it hasn't happened yet, it could. If all of the above isn't unsettling, consider that last year, a Chicago-based security company called Trustwave Holdings released a public statement advising Lixil, a Japanese-based toilet manufacturer that sells the Satis smart toilet, that it is vulnerable to a hack attack.
"Any attacker could simply download the 'My Satis' application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner," Trustwave's advisory read. "Attackers could cause the unit to unexpectedly open/close the lid, [or] activate bidet or air-dry functions, causing discomfort or distress to user."
Smart-home hacking is "a problem already, and it's just going to continuously get worse," says Jerry Irvine, a member of the National Cyber Security Task Force, which is overseen by the National Cyber Security Partnership. He's also the chief information officer of Prescient Solutions, a Chicago-based IT outsourcer.
"It could be a guy sitting in a car parked in your driveway, and he turns off your alarm, and then he goes into your house and robs you. Or it can be downright orneriness, like causing a toilet to be continuously flushed," Irvine says. "But the real risks are the hackers who gain access to your devices, because if they can get into your thermostat, refrigerator and smart TV and begin listening on your network, then they can begin finding your usernames and passwords, and they can get to your financial information. It's scary."
As Eric Ackerman, dean of Nova Southeastern University's Graduate School of Computer and Information Sciences in Fort Lauderdale, Florida, puts it: "Any system has the potential to be hacked ... If someone really wants access to something and they have enough resources, they will get it."
Often, hackers aren't looking for financial gain, says Jordan Edelson, a software developer and CEO of Appetizer Mobile, a New York City-based mobile app company. "The majority of these hackers aren't your average criminal or thief. It's all about the bragging rights to be able to say, 'Hey, I hacked into this house. Look what I can do.' If they can turn on a camera in the house and mess with the lights and freak out the homeowner, it's a high."
Solutions. You could avoid technology, but technology gurus suggest the following instead:
- Hire a professional. If you think your home is vulnerable, Irvine says there are numerous mainstream services, such as Best Buy's Geek Squad and others at large electronics retailers, that can ensure your smart home systems are protected with firewalls. "They typically charge you $75 an hour and will take an hour or two," Irvine says of such services, adding that you should make sure to change your passwords so the person who set your system up doesn't gain access to all the smart devices in your home.
- Update your software. If a device sends you a patch to protect your equipment from malware or offers some sort of software update, don't ignore it, Edelson urges. "Deployment is sometimes a hassle, but you want to mitigate your risk and exposure the best you can," he says. Besides, hassle or not, those updates are sent for a reason.
- Protect your phone. Smart homes are closely tied to smartphones, so you don't want to lose yours. Set up safeguards in case you do. Irvine stresses the importance of having a PIN number to lock your smartphone so others can't access it, although he admits that for a hacker, "the PIN is nothing but a nuisance." He says most hackers can get around the PIN number within 15 seconds to five minutes.
- Eschew technology – for now. If you are nervous, don't be an early adapter. Wait for smart home technology to work out the kinks. Since the industry wants you as a consumer, it's a safe bet that the questions swirling around the safety of smart homes will eventually be answered.
Edelson agrees. "The smart home systems are still very fragmented," he says. But as more companies get into the business and smart homes become even smarter, he says the risks of hacking will decrease.
We'd better hope so. It was always unnerving to know a bad guy could barge through the front door or access our bank accounts by attacking our computers, but it's really frightening to think that someday we'll worry about being accosted through our televisions, toilets and thermostats. And apparently, as a society, we are not yet adept at securing smart refrigerators and lighting systems.
Case in point: When Irvine was asked if homeowners were following the aforementioned suggestions for keeping their smart home devices protected from outsiders, his reply wasn't very reassuring: "Nobody's doing it."