Connected Magazine


Making smart home technologies less vulnerable to hacking

By Paul Skelton
14/08/2014

As sales of connected home technologies increase, so too does the number of potential threats posed by hackers. Paul Skelton investigates.

At the July 2013 Black Hat Briefings in Las Vegas, software engineer Jennifer Savage, computer security professional David Bryan and SpiderLabs Trustwave managing consultant Daniel Crowley presented a paper on the potential vulnerability of internet-connected smart home technologies.

The Black Hat Briefings are a series of technical information security conferences that bring together leaders from all facets of the security industries – from the corporate and government sectors to academic and even underground researchers.


The paper, Home Invasion 2.0: Attacking Network-Connected Embedded Devices, explores the potential of exploitation in various market leading products, including Insteon, Sonos and Belkin’s WeMo.

The results have been widely reported and should be cause for concern among residential systems integrators globally – too many homes are being fitted with technology that can be easily compromised, especially given that prevention can be simple.

“While network connectivity is already commonplace for personal computers, mobile devices such as smart phones, printers and digital storage units, there are a growing number of network-connected devices that do not fit these traditional categories,” the group states.

“With some of these devices, a compromise would allow an attacker some control over the physical world, posing a different type of risk than that associated with a personal computer.

“We discovered exploitable flaws in nearly every device analysed, many with a low level of difficulty for exploitation.

“Considering that many of these devices have control over the physical world, the poor security measures suggest that introducing network-controlled embedded devices into one’s home or business puts one at risk for theft or damage. If these devices must be used, (we) strongly recommend that users isolate such devices from the rest of their network and disable their remote access capabilities, if possible.

“Network-controlled embedded devices do not frequently take security into account in their design, especially in terms of attacks from the local network. (Security measures do seem to be in place when accessing the reviewed devices from the internet.)

“There are also privacy concerns in the compromise of these devices. Compromise of a device with a built-in microphone or camera comes with the ability to perform audio and video surveillance. Compromise of a motion sensor could be used to determine when there are people at a physical location. Reading the status of door locks and alarm systems could also be achieved.”

So, how widespread is the problem of smart home hacking? And how vulnerable are the technologies that integrators are installing in homes around the world?

Steven Rissi is the technical project manager for CEDIA in the US.

“If you begin this conversation from a purely theoretical standpoint, any device that is connected to a communications network that has access to the internet (also called the Wide Area Network, or WAN) could be considered vulnerable to hacking,” he says.

“However, gaining access to devices that are connected as part of a private Local Area Network (LAN) has traditionally been somewhat difficult. This is due to the fact that in most cases these devices are protected by a firewall, most commonly found in the network router. The router is the gateway between the WAN and the LAN and as such acts as a sort of traffic cop to either allow or block access in one direction or the other.

“The increase in vulnerability in recent months has come from consumers’ desire to access devices that are on an ‘internal’ LAN while connected remotely to the ‘external’ WAN. In many cases, providing this type of remote access has been accomplished by opening ports, which could be viewed as building new roads through the router and removing the traffic cops from policing them. While this methodology is relatively easy to implement, and makes it convenient for the home owner to access their private network, it also increases the ease with which an uninvited guest can bypass the main gate and crash the party.”

Once a hacker has passed through the router/firewall by finding an open port, the only thing between them and access to your network is the combination of a username and password required by the device communicating through that port.

“If a hacker has enough knowledge, time and resources, cracking a password is not as difficult as many might think. But, that’s not the biggest threat.

“The most glaring problem with this scenario is that many devices that are configured for remote access are never updated with a new username/password combination, and finding the default for any particular brand and model of device only takes about 30 seconds. Even worse, some manufacturers are selling devices that don’t even have a default username/password; they’re just wide open and ready to talk to anyone unless configured otherwise.”

While this is not a new problem, Steven believes the growth in sales, technical developments and consumer acceptance of connected home technologies have made them a target for hackers.

“In the past, the home automation market was relatively small and only certain aspects of the connected home were actually connected (and those that were couldn’t be accessed remotely), making the effort to hack these devices a somewhat low yield activity for most hackers. Moving forward, as more connected products become available this makes the market more attractive as an area for hackers to exploit.

“That said, there have only been a handful of documented cases that I’m currently aware of concerning a smart home product being hacked in the real world. This means that as an industry, we still have the opportunity to get out in front of the threat and address it before the problems and instances become more widespread.”

So, what’s the solution?

“In addition to manufacturers doing a better job of including security protocols within their products, stemming this threat will require better educating consumers on the available options as well as the ramifications of improper or substandard network design and configuration/deployment. It will also dictate ensuring that those responsible for integrating these products are properly qualified to provide the level of network security desired by the client.”

Overall, Steven says, it’s not so much about a particular type of device or even about a particular brand/model, but more about understanding how network communication works and what security risks the different methodologies for configuring remote access present.

“Probably the single most practical way to reduce the threat of being hacked, though, is to implement a network configuration that uses a Virtual Private Network (VPN) connection for remote access instead of opening ports on the router. When a client device connects to a private LAN through a VPN, the router effectively treats that device as if it is physically connected inside the LAN, rather than translating communication back and forth between the LAN and WAN and taking access requests from any device on the WAN. With a properly configured VPN setup, the communication is encrypted and only authorised devices can request access from the router/firewall.

“This type of network deployment will commonly require more robust hardware as well as a qualified network technician to design and configure everything properly. In other words, this type of setup is not something for the common DIYer and a low cost router from the neighbourhood box store is highly unlikely to provide the necessary features and reliability to do the job effectively.”
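The configuration review implied by the comments above, as an added example that is not part of the original article: a short Python audit that reads a router's port-forward table alongside a device inventory and flags every forward that exposes an embedded device, rating it by whether the device still has default or no credentials. The table format, device names, addresses and the `auth` labels are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: a router's port-forward table and an integrator's
# device inventory. Every name, address and port here is made up.
FORWARDS = """\
# wan_port proto lan_ip lan_port
8080 tcp 192.168.1.20 80
554 tcp 192.168.1.31 554
51820 udp 192.168.1.1 51820
"""
INVENTORY = {  # lan_ip: (device name, auth state)
    "192.168.1.1": ("router-vpn", "vpn"),             # VPN endpoint on the router
    "192.168.1.20": ("lighting-hub", "none"),         # ships with no login at all
    "192.168.1.31": ("ip-camera", "default"),         # factory credentials unchanged
    "192.168.1.40": ("door-lock-bridge", "default"),  # not forwarded, LAN only
}

@dataclass
class Finding:
    severity: str
    device: str
    detail: str

def parse_forwards(text):
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            wan_port, proto, lan_ip, lan_port = line.split()
            rules.append((int(wan_port), proto, lan_ip, int(lan_port)))
    return rules

def audit(forwards_text, inventory):
    findings, exposed = [], set()
    for wan_port, proto, lan_ip, lan_port in parse_forwards(forwards_text):
        name, auth = inventory.get(lan_ip, ("unknown-device", "unknown"))
        if auth == "vpn":
            continue  # the one inbound port a VPN-based design needs
        exposed.add(lan_ip)
        sev = "critical" if auth in ("none", "default") else "high"
        findings.append(Finding(sev, name,
            f"WAN {proto}/{wan_port} -> {lan_ip}:{lan_port}, auth={auth}; use VPN"))
    for ip, (name, auth) in inventory.items():
        if ip not in exposed and auth in ("none", "default"):
            findings.append(Finding("medium", name,
                f"{ip} auth={auth}; LAN-only, but set credentials and isolate"))
    return findings

if __name__ == "__main__":
    print(*audit(FORWARDS, INVENTORY), sep="\n")
```

On the sample data this reports the lighting hub and camera as critical (forwarded to the internet with no or default credentials) and the door-lock bridge as medium, since devices with weak authentication remain exposed to anything else on the local network.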

While there have undoubtedly been instances of multiple manufacturers falling short of including proper security protocols as a default on their devices, it’s important to keep that in perspective.

“When thinking about the phenomenon of the smart home, one must remember that the concept as a whole is still in its infancy. Many manufacturers that are taking traditional products from within the home and connecting them to the network for convenience have no history or experience in providing network communications security and as such it is an unfortunate afterthought during product development.

“Now, considering the amount of recent scrutiny occurring in this space, I’d venture to guess that proper connection security protocols will quickly move to the forefront of the conversation within the manufacturing community.

“Lastly, it cannot be overlooked that there is a strong onus on the part of the integrator as well as the consumer to know and understand the security implications of network access and control when outside the home. Many of the security issues with one device or another can be quickly and easily alleviated by implementing better overall network security rather than relying on each individual device to secure itself.”

To find out more on this subject, integrators around the country would be well advised to check out CEDIA’s one-hour webinar, Hacking Home Automation, by visiting http://bit.ly/l2lkjJ. Alternatively, they could also approach Cisco, Microsoft or CompTIA for information on their networking certifications.
