5 Connected Car and Smart Home Security Risks
For years, cybersecurity experts have been warning about the potential of connected toasters, washing machines and all manner of connected home appliances to be targeted. Now, a growing number of vendors and security are demonstrating smart home security risk, and, in some cases, cybercriminals are attacking IoT devices to launch new types of attacks.
1. Hacked Nest Security Camera Warns of Nonexistent Missile Strike
A family in the San Francisco Bay Area was alerted to an alarm signal stating North Korean ballistic missiles were en route to sites in Los Angeles, Chicago and Ohio via a speaker in a Nest camera, according to The Mercury News. Convinced the message was real, occupants of the house scrambled to evacuate their home. But after calling 911 and Nest, the family learned the message was from a hacker rather than a government warning system. A statement from Google indicated that victims in similar attacks had their passwords breached and that two-factor authentication could greatly reduce the risk of such smart home security breaches.
2. Hacking-Based Car Theft and Other Hijinks
Late last year, researchers from KU Leuven University in Belgium demonstrated vulnerabilities in high-end vehicles equipped with a passive keyless entry and start system. In a video demo, they demonstrate how they could break the encryption in Tesla’s Model S key fobs in less than two seconds. In recent years, other researchers demonstrated the feasibility of other connected-car–based attacks against vehicles such as the Mitsubishi Outlander plug-in hybrid electric SUV and, most famously, a Jeep Cherokee. While researchers have stirred up considerable attention around the topic of automotive cybersecurity, a handful of thieves have made off with cars by intercepting the signal from key fobs.
3. Big Trouble With Little Voice Commands
Avast demonstrated at its MWC booth the risk of a breached Sonos speaker with an Amazon Alexa speaker nearby. When the Sonos system was fed a command such as: “Hey Alexa, add Tesla Model 3 to my shopping list,” the smart speaker gleefully complied. While the demo makes a point that the smart home opens up possibilities to manipulate smart speakers, thieves are more likely to procure a new Tesla by intercepting the signal from a key fob than attempt to order a vehicle on a stranger’s smart speaker.
4. Storming Smart Home Hubs
In the past couple of years, the concept of a smart home hub has gained in popularity following the introduction of devices such as the Echo Show, the Google Home Hub and the ease with which a tablet computer could be fashioned into a control center for the smart home. Last year at MWC, Kaspersky Lab researchers demonstrated the vulnerability of such a smart home hub, which can then be used to control theoretically any smart home gadget in the house. Kaspersky didn’t disclose the vendor’s name, but explained that if an attacker knows the serial number of the hub, or if the number is brute forced, he or she can easily extract login information and break the weak encryption protecting the password.
5. Smartphone Hacks That Could Lead to Home Burglary
In the most recent quarterly McAfee Mobile Threat Report, the cybersecurity company warns about the proliferation of Android-based malware such as TimpDoor, which was first discovered roughly a year ago. Because smartphones control smart home gadgets, the company writes that “it was only a matter of time before criminals looked for ways to trick users into letting them inside [their homes].” Victims of the TimpDoor attack may click on a link from a hacker’s SMS message, thus sidestepping the Google Play store.