The “smart home” is a Jetsonian future concept in which all our domestic needs are automated. As it stands today, however, smart devices are buggy and often very easy to hack. The latest scary example of a security failure comes from a team of researchers at the University of Michigan who managed to hack one of the most popular smart home ecosystems in the world.
Samsung’s SmartThings is one of our favorite smart home systems because it can do so much for so little cost. Unfortunately, the open ecosystem that makes it so versatile ends up being one of its biggest weakness when it comes to security.
In the video above, researchers show how they were able to pull off four successful proof-of-concept hacks by creating malicious apps. The hacks allow the researchers to open electronic locks, change a smart home’s “vacation” settings, and even set off a house’s fire alarm with false messages. According to these white-hat hackers, the main issue is “over-privilege,” meaning apps on the SmartThings platform have too much access to connected devices.
Atul Prakash, one of the researchers on the project, explains why this is such a big vulnerability. “Say you give someone permission to change the lightbulb in your office, but the person also ends up getting access to your entire office, including the contents of your filing cabinets.”
The University of Michigan and SmartThings have been working for the past few weeks to fix these vulnerabilities. In a statement to Gizmodo, SmartThings adds that “potential vulnerabilities disclosed in the report are primarily dependent on two scenarios - the installation of a malicious SmartApp or the failure of third party developers to follow SmartThings guidelines on how to keep their code secure.” The CEO of SmartThings has also addressed these new hacks in a blog post.
So in a perfect world, this wouldn’t be a problem—but the world is far from perfect. Simply put, smart homes have a long way to go before you can be confident that they’re secure. One of the biggest problems with any smart ecosystem is that it inevitably makes your home a bigger target for hackers. Once a hacker is inside your smart fridge or electronic lock, it doesn’t take much for them to gain access to the whole system.
Luckily, most hackers usually go after targets where they can make the most money, like a cache of credit card data. A single smart home isn’t exactly an appealing target. But if you don’t like the idea of potentially handing over the keys to your kingdom, maybe it’s best to give smart home tech some more time to grow up.