As our world becomes increasingly connected via the Internet, it only seems logical that the interconnectivity would eventually permeate our homes. "Smart devices" like alarm systems, locks, thermostats, and more that can be controlled over the Internet are gradually gaining visibility and creating legions of "smart homes." For all the technological advancements, however, it would appear that our houses are simultaneously becoming more vulnerable.
"Everything can be hacked," said Jerry Irvine, CIO of Prescient Solutions and a member of the National Cyber Security Task Force. "Here's the big picture: With Target...they're not saying it with certainty, but supposedly the way the hackers got into their network was through the HVAC network. That's a similar situation with us with our home solutions and our IoT [Internet of Things] environment."
Each of these connections, explained Irvine, is a potential risk for hackers to get into your internal network. Once they get into your network and place some sort of virus or even just a sniffer, they can see what's going on and everything becomes hackable. And when he says "everything," he means everything.
"Home security systems, thermostat controls, lock controls, opening and closing the garage, the lights, info on the fire alarms...basically anything that is there can now be controlled via a Wi-Fi network," he said. "In a home environment, the average person doesn't even have a password on their cell phone, which they're going to be connecting to their home systems. It's just not going to happen."
Craig Heffner, a vulnerability researcher at Tactical Network Solutions, expressed similar concern about how much potential smart devices have to be a vulnerable attack surface.
"Anything that connects to the outside internet or listens for outside connections would be of concern," said Heffner. "There are a lot of devices where you can connect to them remotely. You have to consider wireless — in other words, using your wireless network on its own and it's not secured. Then, someone would just have to be near your home and wouldn't even need a physical address." He went on to add that obviously if users properly secured their wireless networks, they would be safe from such attacks, but many people either don't do that or don't know how.
How attackers can actually gain access to your network via these smart devices can vary. One common scenario, however, would be is that if one of the devices was programmed to listen for connection and an attacker did a scan for devices that were doing exactly that. Even if the device is an innocuous one, like a temperature sensor, an attacker can hack into and use it as a "pivot point" once inside. In other words, they can use that device to bounce around and gain access to more important things. The simple solution, said Heffner, is to not make these devices publicly accessible.
Sign up for MIS Asia eNewsletters.