Hacking concerns


(Mike) #1

Just wondering how Smartthings works in terms of security? I like the service but on the scale of 1-10, how vulnerable is it? I understand, just like physical locks, anything would be vulnerable, but it just depends to what degree…


Protecting smarthings home automation
(Chrisb) #2

Not a very informative story, unfortunately. Just some generic scary info: 8 out of 10 devices are potentially at risk!

Okay… um… did you know that well over 99% of cars are at risk of accidents?!? Technically true, but not terrible informative or accurate. I’m certainly not disputing that security is important here… far from it. When you start doing things like putting your door locks into the cloud, security becomes VERY important.

Most of what I’ve seen reports on IOT hacking revolves more around nusience or data mining rather than breaching of physical security. Things like forcing your HUE lights off or being able to know when certain lights are on or off in your house.

I guess, for me personally, I’m looking at the vulnerability of smartthings vs. normal things.

Could they be able to tell if my lights are on or off? Yeah… but if they just stood in the park by my house they could tell by looking at my house if somethings are on or off. Now they could potentially get more granular info… like if my whole house fan is on that’s probably a good indicator that someone is definitely home, but that may not help them much as they’d be more interested in if no one is home, and the fan being off doesn’t tell them that.

Could they potentially hack my z-wave door lock and open it? Yeah, but they could likely get in pretty easily other ways (picking the lock, smashing a window, swift kick to the door, etc). Obviously it looks less suspicious if they just go in a seemingly open door, but not so much so that the neighbors might now question why people they don’t know are taking things out of my house.

So yeah… the key here is what you already hit on:

I understand, just like physical locks, anything would be vulnerable, but it just depends to what degree…

In my, ever so humble opinion, nothing I’d put out there on the IOT has increased my vulnerability significantly. While I readily admit that it has increased it, I don’t think it has increased it much at all. And what little it does I’m willing to risk given the added convenience IOT has given my life.


(Geko) #3

Media loves scary stories because that’s what drives readership and therefore ads revenue. The fact that the most vulnerable to hacking devices like garage door openers and X10 devices existed well before the term “Internet of Things” was invented just skips their attention.


(Patrick Stuart [@pstuart]) #4

I once was interviewed by a 3 letter national news organization about how QR codes track people. They thought the printed squares could physically track you. That was their story.

After I explained it was just a visual bookmark to a website or app, they were upset they didn’t have a good story. Yes, websites track you. QR codes do not, but could with embedded codes in the barcode.

It would be Barcodes are scary, these new ones are in 2D and are tracking you…

Anyway, Yes Smartthings is vulnerable to hacking. So is every site / service you have a username and password.

What can you do about it? Have a strong password, unique to the service and change it often.

As for IoT devices being vulnerable. Yes they are, this won’t get better soon. Weak encryption, fixed keys, man in middle attacks, etc.

What can you do about it? Look for suspicious people walking around your house with a laptop. Typically in all black, pony tail optional. If you see this type, call the police.


(Chrisb) #5

Well, he wasn’t wearing all black, but he did come in a black helicopter. Does that count?

I think both of you ( @pstuart and @geko ) are of the same mindset as I am.

We make these decisions with EVERYTHING in life: What level of vulnerability are we willing to accept for the convenience we gain? This question isn’t new to the IOT, it just seems that way to some people. You want your computer to be hacker proof? Easy… turn off WiFi permanently and pull the ethernet cord. Shut down bluetooth and any other radio service, and fill in all the ports, except for the power cord of course, with epoxy. Oh, and never let it out of your sight for more than 15 seconds. Your computer is now hacker proof… and pretty close to worthless other than playing solitaire.

You want to make sure your car is never vulnerable to being stolen? Pull out all the spark plug wires every time you stop somewhere. Also put a padlock on the hood and a boot on a wheel. It’ll be pretty dang hard to steal now. Of course, it’s also terrible inconvenient to have to redo all these things every time to get ready to leave.

You want to make sure you never get mugged? Never leave the house.
You want to make sure you never die in an airplane accident? Never fly.
You want to make sure you never get attacked by a shark? Never go swimming… oh, and avoid mega storms near coastal cities like LA and NY.