Are smart homes hackable?

Entry gate for hackers and co. Baby monitors, surveillance cameras, dog monitors - they really are that safe

Heaters that can be switched on on the way home, sockets with remote control, doors that can be opened with a smartphone, cameras for your own four walls or for monitoring pets from a distance: with a little effort and time, apartments and houses can be built upgrade to so-called smart homes. The retrofit solutions often don't even cost a lot of money. However, intelligent home technology has a number of weak points that hackers or intruders could use.

Hackers caught Insights into strange living rooms

Reports that hackers can peek into other people's living rooms thanks to a security hole in surveillance cameras are causing a stir. Others could switch off the electricity or open the shutters via the Internet. An article by the ZDF magazine WISO showed how a security expert took over the technology of a smart home building. He had gained access to the technology in the house via a connection to a motion detector in the front yard.

These are currently still very complex attack scenarios, but they are feasible. And everyone who installs such technology opens a new flank.

Christian Gollner | Rhineland Palatinate consumer advice center

Blackmail via smart home systems

Maik Morgenstern from the independent security institute AV-Test in Magdeburg sees two ways in which third parties could control smart home technology from the outside: "On the one hand, there is the hacker who looks on the Internet to see which systems are open to the outside world and where they are can penetrate. " After all, many of the control units are connected to the Internet in order to enable their users to access them via browser or smartphone. "Second, we see the hacker near the house who can break into the wireless network," adds the AV-Test managing director.

Sven Hansen from the computer magazine c't sees it similarly: "The radio that connects everything is currently a weak point because it is partly unencrypted". Hackers can then read the user data with which the apartment owners log in and use it to control doors or roller blinds from the outside. That makes a break-in easier. "We believe, however, that the burglary scenario is less relevant. Instead, it could go in the direction of blackmail Trojans," says Maik Morgenstern. Above all, smartphones and computers would be hijacked and only released against a ransom. The same scenario is also conceivable for smart home technology.

Experts: Too many gaps in smart home systems

According to experts, many of the manufacturers of smart home technology currently do not pay enough attention to security or make mistakes. "We have now tested around 20 such systems and at least half of them have serious gaps," said Morgenstern. For example, the software on the control units - the so-called firmware - may be defective. Hackers can then install malicious codes on the devices. Many devices are also shipped from the factory with weak passwords such as "1234". Anyone who knows the standard password then also has access.

Often the users are not explicitly advised that they should change the standard passwords when setting up the smart home technology. Sven Hansen sees the manufacturers' duty here: "A more careful approach would be helpful and the devices should be checked as standard by people who are familiar with them in order to offer users the greatest possible protection." The experts' criticism of the manufacturers applies equally to retrofit solutions and smart home technology used in house construction. With the latter, "there is no radio, but the control units can be accessed via the Internet and are therefore vulnerable," explains Maik Morgenstern.

Change passwords, do not control devices in open WLAN

Unfortunately, there is currently no uniform and reliable seal of approval for smart home devices that are reliably protected against external attacks. The "Zwave +" standard is often advertised in this context. "However, Zwave + only makes one statement about how the sensors communicate with the control unit and that you cannot avoid this route," warns Maik Morgenstern. The whole thing does not give any indication of how well secured Internet access is.

Sven Hansen from c't also advises users not to pay too much attention to advertised quality seals. "The number of stickers says nothing about quality." He advises users of smart home technology to fundamentally change all device passwords. That makes it difficult for strangers to gain access from the outside. Maik Morgenstern has an additional tip: "If you want to control the technology at home while you are out and about, you shouldn't do it via public WLAN." Often the user data is currently still being transmitted unencrypted, which hackers could access in the same WLAN.

Conclusion

With smart home technology, too little attention is paid to security against external attacks. According to the experts, manufacturers urgently need to make improvements. In addition, there is no generally valid seal of approval. Hackers can primarily access the control of lights, shutters or locking systems because the devices are not sufficiently protected against attacks via the Internet. However, the experts do not believe that smart home technology increases the risk of break-ins into an apartment or house.