How Secure Are We At Home?
More and more Americans are installing home automation systems which, among other things, control physical access and security. If the list of topics at next month’s Black Hat conference is anything to go by, we should be getting nervous. Very nervous.
At least three presentations at the security conference in Las Vegas will deal with the issue of home automation and its vulnerability to bad guys. The summaries of the presentations now available on the conference website give few technical details, but they indicate there is cause for concern.
Drew Porter and Stephen Smith, senior security analysts at Bishop Fox, call their presentation “Let’s get physical: breaking home security systems and bypassing buildings’ controls.”
They put the number of home and office security systems in the US at 36 million, and say they are all vulnerable. “This is not your grandpa’s talk on physical security,” they say. “This talk is about bypassing digital security systems, from simple door sensors to intercepting signals and even the keypad before it can alert the authorities . . . All the methods presented are for covert entry and leave no physical sign of entry or compromise. Come join us to see live demos of what the security companies never want you to see.”
In a presentation titled “Hi Honey, I’m home – Hacking Z-wave home automation systems,” researchers Sahand Ghanoun and Behrang Fouladi discuss the systems that control everything in the home from security to air-conditioning and lighting.
“As you arrive home, the system can automatically open the garage door, unlock the front door and disable the alarm, light the downstairs, and turn on the TV,” they say, adding that the home automation market in the US was worth about $3.2 billion in 2010 and is expected to exceed $5.5 billion in 2016.
They say Zigbee and Z-wave wireless communication protocols are the most commonly used in home automation systems. “The Z-wave protocol is gaining momentum against the Zigbee protocol . . . Our talk will show how the Z-Wave protocol can be subjected to attacks.”
Then there’s the talk “Home invasion V2.0 – Attacking network-controlled hardware,” by researchers Daniel Crowley, David Bryan and Jennifer Savage.
“A growing trend in electronics is to have them integrate with your home network to provide potentially useful features like automatic updates or to extend the usefulness of existing technologies such as door locks you can open and close from anywhere in the world,” they say. “What this means for us as security professionals, or even just as people living in a world of network-connected devices, is that being compromised poses greater risk than before.”
And this can mean anything from discomfort and covert spying to personal harm. “If your door lock or space heater are compromised, you’re going to have a very bad day,” they say. “This talk will discuss the potential risks posed by network-attached devices and even demonstrate new attacks against products on the market today.”