Friday, November 2, 2018

We hired ethical hackers to hack a family's smart home — here's how it turned out


by Luke Denne, Greg Sadler, Makda Ghebreslassie

Vulnerabilities revealed in smart home devices prompt 1 manufacturer to immediately beef up protections

image from: https://www.cbc.ca/news/technology/smart-home-hack-marketplace-1.4837963

Security was a key consideration for Kenwood and Yarema when they shopped for their devices. So the couple was shocked by how easily a team of ethical, or "white hat", hackers hired by Marketplace took control of their devices — a series of tests done with the family's permission.

Normally hired to check the security of complex IT systems, the team from Scalar Decisions was instead tasked with testing the security of the family's smart home.

Could smart home devices be vulnerable to hackers? Earlier, CBC Marketplace's Makda Ghebreslassie and security expert Theo Van Wyk answered your questions.


 Sitting in a van on the street outside, the Scalar team managed to crack the family's Wi-Fi password in less than two hours. The same password had been used to set up the thermostat, allowing them to remotely turn the heat up or off completely.

'We have a child in here'

The hackers then turned their attention to the family's front door. Using a sophisticated phishing email, the ethical hackers managed to trick Kenwood into giving them her log-in details for her home hub.

The family uses a Wink Connected Home Hub, allowing them to control their lights and front door with a smartphone app.

After receiving the email, Kenwood believed she was logging onto the Wink website, when instead she was handing her password over to the hackers. With full access to her account, they were able to unlock the couple's front door and enter the home.

That password had also been used by Kenwood across other accounts, including the family's Nest security cameras, allowing the team to log in and view what was happening inside the home.

And it gave the hackers the ability to send voice commands to the couple's Amazon Echo, where they could potentially place Amazon orders using Kenwood's stored credit card information.

"It's terrifying that they're able to get into so many devices," said Kenwood. "It's our home ... we have a child in here."

After seeing how their smart home could be hacked, the family's first step would be "taking the door lock off the Wi-Fi," said Yarema.

'Be alert for phishing emails'

Reusing the same password across multiple accounts — something many of us are likely guilty of — made the family's home less secure, said Arsenii Pustovit, leader of Scalar's ethical hacker team.

"You want to have different passwords for each of your online accounts," he said.

Since most of us struggle to remember multiple passwords, he suggests using something called a password manager. It generates complicated passwords for each of your online accounts, but you only have to remember one password — for the manager — to unlock them all.

Article Source:  We hired ethical hackers to hack a family's smart home — here's how it turned out

Related Article:  Glitch in Yale's smart security system sees Brits 'locked out' of homes


When a locksmith is needed for home use, always choose the best! Get a quote from Quick Norcross Locksmith LLC.

No comments:

Post a Comment