5 Connected Car and Smart Home Security Risks

The themes of automotive and smart home security are getting more attention as cybersecurity researchers and cybercriminals set their sights on those targets.

Brian Buntz

March 4, 2019

3 Min Read
A silhouette of a hacker with a black hat in a suit enters a hallway with walls textured with blue internet of things icons 3

For years, cybersecurity experts have been warning about the potential of connected toasters, washing machines and all manner of connected home appliances to be targeted. Now, a growing number of vendors and security are demonstrating smart home security risk, and, in some cases, cybercriminals are attacking IoT devices to launch new types of attacks.

1. Hacked Nest Security Camera Warns of Nonexistent Missile Strike

A family in the San Francisco Bay Area was alerted to an alarm signal stating North Korean ballistic missiles were en route to sites in Los Angeles, Chicago and Ohio via a speaker in a Nest camera, according to The Mercury News. Convinced the message was real, occupants of the house scrambled to evacuate their home. But after calling 911 and Nest, the family learned the message was from a hacker rather than a government warning system. A statement from Google indicated that victims in similar attacks had their passwords breached and that two-factor authentication could greatly reduce the risk of such smart home security breaches.

2. Hacking-Based Car Theft and Other Hijinks

Late last year, researchers from KU Leuven University in Belgium demonstrated vulnerabilities in high-end vehicles equipped with a passive keyless entry and start system. In a video demo, they demonstrate how they could break the encryption in Tesla’s Model S key fobs in less than two seconds. In recent years, other researchers demonstrated the feasibility of other connected-car–based attacks against vehicles such as the Mitsubishi Outlander plug-in hybrid electric SUV and, most famously, a Jeep Cherokee. While researchers have stirred up considerable attention around the topic of automotive cybersecurity, a handful of thieves have made off with cars by intercepting the signal from key fobs.

3. Big Trouble With Little Voice Commands

Avast demonstrated at its MWC booth the risk of a breached Sonos speaker with an Amazon Alexa speaker nearby. When the Sonos system was fed a command such as: “Hey Alexa, add Tesla Model 3 to my shopping list,” the smart speaker gleefully complied. While the demo makes a point that the smart home opens up possibilities to manipulate smart speakers, thieves are more likely to procure a new Tesla by intercepting the signal from a key fob than attempt to order a vehicle on a stranger’s smart speaker.

4. Storming Smart Home Hubs

In the past couple of years, the concept of a smart home hub has gained in popularity following the introduction of devices such as the Echo Show, the Google Home Hub and the ease with which a tablet computer could be fashioned into a control center for the smart home. Last year at MWC, Kaspersky Lab researchers demonstrated the vulnerability of such a smart home hub, which can then be used to control theoretically any smart home gadget in the house. Kaspersky didn’t disclose the vendor’s name, but explained that if an attacker knows the serial number of the hub, or if the number is brute forced, he or she can easily extract login information and break the weak encryption protecting the password.

5. Smartphone Hacks That Could Lead to Home Burglary

In the most recent quarterly McAfee Mobile Threat Report, the cybersecurity company warns about the proliferation of Android-based malware such as TimpDoor, which was first discovered roughly a year ago. Because smartphones control smart home gadgets, the company writes that “it was only a matter of time before criminals looked for ways to trick users into letting them inside [their homes].” Victims of the TimpDoor attack may click on a link from a hacker’s SMS message, thus sidestepping the Google Play store.  

About the Author(s)

Brian Buntz

Brian is a veteran journalist with more than ten years’ experience covering an array of technologies including the Internet of Things, 3-D printing, and cybersecurity. Before coming to Penton and later Informa, he served as the editor-in-chief of UBM’s Qmed where he overhauled the brand’s news coverage and helped to grow the site’s traffic volume dramatically. He had previously held managing editor roles on the company’s medical device technology publications including European Medical Device Technology (EMDT) and Medical Device & Diagnostics Industry (MD+DI), and had served as editor-in-chief of Medical Product Manufacturing News (MPMN).

At UBM, Brian also worked closely with the company’s events group on speaker selection and direction and played an important role in cementing famed futurist Ray Kurzweil as a keynote speaker at the 2016 Medical Design & Manufacturing West event in Anaheim. An article of his was also prominently on kurzweilai.net, a website dedicated to Kurzweil’s ideas.

Multilingual, Brian has an M.A. degree in German from the University of Oklahoma.

Sign Up for the Newsletter
The most up-to-date news and insights into the latest emerging technologies ... delivered right to your inbox!

You May Also Like