Would you give a stranger the keys to your Smart Home?

Jan 30, 2017 • SwitchThat Staff

As the amount of home automation devices continues to increase, we mustn’t lose sight of keeping them all secure.

Seen the film I.T. about a smart home that gets hacked? Mike Regan is a self-made billionaire businessman who has everything, including a stunning smart home and smart car. Having some problems with his smart home he asks Ed, one if his IT employees, to help. All goes well until he fires Ed who launches a hack attack against Mike and his family turning their own smart home and smart car against them, surveilling their every move and making their lives hell.

Here at SwitchThat we don’t think this is a very plausible plot line. “Why not?” we hear smart home skeptics cry out in unison. Mike’s smart home has cameras all over it with motion sensors tracking the position of occupants and Ed didn’t go back in after being fired. So how did he do it? Mike’s home and car would have to be controlled by one of two methods:

  • A cloud based setup with one or multiple technology vendors and IFTTT (a cloud service that provides recipes for how various devices from different vendors can work together).
  • A computer entirely within the home.

The 2 main points of vulnerability are hacking the cloud service and direct access to Mike’s network. For Ed the latter was easy as our intelligent billionaire made a really stupid error. He gave Ed access when he gave him his passwords and failed to change them before firing Ed. It’s like giving a stranger keys to your house then not changing the locks afterwards. When there’s a physical key we keep it safe and are careful who we give it to. Yet unfortunately the same cannot always be said for our virtual keys – our passwords.

Hacking the cloud service will have needed either Mike's passwords or serious hacking efforts. Ed had the passwords, but without them how likely is a hack? We know cloud services get hacked but the motive is the prize of usernames, passwords and other data that is then sold on. As such, hackers are more likely to hack large organisations such as banks, rather than individual smart homes. This sort of hack is more likely to be a personal vendetta.

In addition, the hacker has to break past broadband router firewalls or gain access to your home network by hacking your password. To be able to do this, they would physically have to be close to your home and hack a computer on your home network. Most people's wifi signals barely extend across their entire homes and where they do extend beyond, it is normally only a couple of meters. If you are being hacked and have a smart home, chances are you would spot the hacker!

As Mike found to his cost, we have a responsibility to ensure the security of our smart homes. We can set up some really cool devices and have great fun with them but we also have to do the boring security bit. Just as we buy our houses with strong foundations so we need to build our security as strong – and never be a Mike giving the virtual keys to your smart home to a stranger!