Close X
Tuesday, December 24, 2024
ADVT 
Tech

Hacking Into Homes: Indian-Origin Scientist Atul Prakash Hacks Into Popular 'Smart Home' Security

Darpan News Desk IANS, 03 May, 2016 12:58 PM
    An Indian-origin cybersecurity researcher from University of Michigan and his team have successfully hacked into a leading “smart home” automation system and got the PIN code to a home's front door.
     
    The “lock-pick malware app” developed by Atul Prakash, professor of computer science and engineering, was one of four attacks that the cybersecurity researchers performed at an experimental set-up of Samsung's “SmartThings”, a top-selling Internet of Things (IoT) platform for consumers. 
     
    The work is believed to be the first platform-wide study of a real-world connected home system. “At least today, with the one public IoT software platform we looked at, which has been around for several years, there are significant design vulnerabilities from a security perspective," said Prakash. 
     
    “I would say it's okay to use as a hobby right now but I wouldn't use it where security is paramount,” he added.
     
    As a testament to the growing use of “SmartThings”, its Android companion app that lets you manage your connected home devices remotely has been downloaded more than 100,000 times. 
     
    SmartThings' app store, where third-party developers can contribute SmartApps that run in the platform's cloud and let users customise functions, holds more than 500 apps.
     
    Prakash and Earlence Fernandes, doctoral student in computer science and engineering performed a security analysis of the SmartThings' programming framework.
     
     
    They demonstrated a SmartApp that eavesdropped on someone setting a new PIN code for a door lock and then sent that PIN in a text message to a potential hacker. 
     
    The SmartApp, which they called a "lock-pick malware app", was disguised as a battery level monitor and only expressed the need for that capability in its code.
     
    As an example, they showed that an existing, highly rated SmartApp could be remotely exploited to virtually make a spare door key by programming an additional PIN into the electronic lock. 
     
    They showed that SmartApp could turn off "vacation mode" in a separate app that lets you programme the timing of lights, blinds, etc., while you're away to help secure the home.
     
    They demonstrated that a fire alarm could be made to go off by any SmartApp injecting false messages. “The access SmartThings grants by default is at a full device level, rather than any narrower," Prakash said. 
     
    “As an analogy, say you give someone permission to change the lightbulb in your office, but the person also ends up getting access to your entire office, including the contents of your filing cabinets,” he explained.
     
    These results have implications for all smart home systems and even the broader Internet of Things (IoT).
     
     
    “The bottom line is that it's not easy to secure these systems" Prakash said. "There are multiple layers in the software stack and we found vulnerabilities across them, making fixes difficult."
     
    The researchers will present a paper on the findings at the IEEE symposium on security and privacy in San Jose, California, later this month.

    MORE Tech ARTICLES

    LinkedIn Shares Tumble On Weak Forecast For 2016

    LinkedIn Shares Tumble On Weak Forecast For 2016
    SAN FRANCISCO — LinkedIn shares plunged as much as than 28 per cent in after-hours trading Thursday after it reported better-than-expected results for the fourth quarter but provided a weak forecast for 2016.

    LinkedIn Shares Tumble On Weak Forecast For 2016

    Pipelines As Political? Natural Resources Minister Says It's Not A Bad Thing

    Pipelines As Political? Natural Resources Minister Says It's Not A Bad Thing
    CALGARY — Canada's natural resources minister isn't shying away from describing the decision-making process for pipelines as political.

    Pipelines As Political? Natural Resources Minister Says It's Not A Bad Thing

    Canadians Edge Toward Room Temperature Superconductors

    Canadians Edge Toward Room Temperature Superconductors
    Canadian scientists have made an important advance that could one day lead to a science-fiction world of levitating trains and batteries that don't lose their juice sitting in the drawer.

    Canadians Edge Toward Room Temperature Superconductors

    Google Search Chief Amit Singhal Handing Baton To Artificial Intelligence Head

    Google Search Chief Amit Singhal Handing Baton To Artificial Intelligence Head
    India-born Amit Singhal, the longtime chief of Google's Internet search business, will leave the company on Feb 26 and be replaced by the head of the technology giant's artificial intelligence (AI) business.

    Google Search Chief Amit Singhal Handing Baton To Artificial Intelligence Head

    Chiraag Juvekar, Indian-Origin Scientists Develop Hack-Proof Chip

    Chiraag Juvekar, Indian-Origin Scientists Develop Hack-Proof Chip
    A team of Indian-origin researchers has developed a new type of radio frequency identification (RFID) chip that is virtually impossible to hack, thus preventing your credit card number or key card information from being stolen.

    Chiraag Juvekar, Indian-Origin Scientists Develop Hack-Proof Chip

    Yahoo To Cut 1,700 Workers As CEO Tries To Save Her Own Job

    Yahoo To Cut 1,700 Workers As CEO Tries To Save Her Own Job
    Yahoo is laying off about 1,700 employees and shedding some of its excess baggage in a shake-up likely to determine whether CEO Marissa Mayer can save her own job.

    Yahoo To Cut 1,700 Workers As CEO Tries To Save Her Own Job