Smart home hubs leave users vulnerable to hackers


Smart technology claims to make our lives easier.

You can turn on your lights, lock your front door remotely and even adjust your thermostat with the click of a button.

But new research from the University of Georgia suggests that convenience may come at a cost — to your personal security.

The study focused on smart home hubs, the centralized devices that let you control all your smart devices in one place. These hubs rely on technology that connects them – but not individual smart devices – to the internet.


That’s important because in theory the hubs make using smart devices safer. In the past, cybercriminals have hacked into Internet-connected baby monitors or smart cameras in people’s homes, enabling them to monitor their targets’ comings and goings.

Hackers cannot access a device unless it is Wi-Fi enabled.

But UGA researchers developed a system called ChatterHub that can successfully reveal the cyber activity of a variety of smart hubs almost 90% of the time.


“The good thing is that all traffic to and from a smart home hub is encrypted,” said Kyu Lee, lead author of the study and an associate professor in the Franklin College of Arts and Sciences. Lee is also the associate director of the UGA Cyber Security and Privacy Institute. “The bad thing is that we were able to use machine learning technology to figure out what a lot of the activity was without even decrypting the information.”

ChatterHub does not need to be physically close to the system it is hacking. And the hacker does not need any prior knowledge of the types of smart devices or the manufacturer of the hub to break into the system remotely.

Encrypted information can still be useful to criminals

Smart hubs send packets of information to and from individual devices. That lets you stream some music via an app or check your Ring camera when you’re out and about and get a delivery.

Those packets of information are encrypted, meaning that an outsider cannot know exactly what is said in them.

“For example, when a smart home lock is locked, it sends a packet to the hub, and the smart home hub forwards that to the server,” Lee said. “We can’t see the actual information locked by the lock, but using the patterns, the packet size and the timing of the packet, we can figure that information out with very high accuracy.”

Even though the information is encrypted, it can still be used by attackers.

They can figure out a homeowner’s daily patterns and determine if someone is home at a particular time, putting the homeowner at risk of a break-in.


Perhaps more worryingly, they can inject their own random packets into the information going to and from the hub.

“If we inject some garbage packets into the patterns we found from the machine learning programs, that packet will be sent to the smart lock and potentially cause it to malfunction,” Lee said. “So that can prevent the homeowner from locking their door.”

If the criminals are smart, you probably won’t even know your door isn’t locked because the app will say it’s locked properly, just like normal. So even though you think your home is secure, the hackers know it’s not.

Cybercriminals can use a similar tactic to drain the batteries in smart devices by flooding the hub with useless packets, the researchers said. But there is a risk that the smart home hub will alert the homeowner about a low battery.

Changing passwords can keep smart devices, routers safe

So what can users do to protect themselves? Unfortunately, not much.

The real solutions must come from Samsung, Amazon and other smart home hub giants, Lee said.

The manufacturers could use a technique called packet padding, which means that the packets sent back and forth from the hub would all be the same length. It would then be impractical for hackers to determine which packets do what, which would prevent them from, say, determining which ones are connected to your door lock.

Another option for the technology companies is to implement random sequence injection, where the hubs send irregular and meaningless packets to the network. This makes it more difficult to detect which packets contain useful information.


In the study, the researchers showed that the use of these techniques succeeds in hiding the unique network patterns generated by smart devices, making it difficult – if not impossible – for hackers to break those codes.
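To make the effect of the two mitigations concrete, here is an added example (not code from the study or from any hub vendor) that measures how often a length-only observer can label hub events before and after packet padding and random sequence injection. The three events, their packet lengths, the 512-byte pad size and the lookup-table observer are all assumptions constructed for illustration.

```python
import random
from collections import Counter, defaultdict

# Constructed encrypted-packet lengths (bytes) per hub event, not study data.
EVENTS = {
    "lock": [122, 310, 98],
    "light": [122, 154, 98],
    "thermostat": [122, 154, 98, 98],
}
PAD_TO = 512  # assumed fixed wire length, larger than any real packet here


def no_defense(lengths, rng):
    return list(lengths)


def padding(lengths, rng):
    """Packet padding: every packet leaves the hub at the same length."""
    return [PAD_TO] * len(lengths)


def padding_plus_cover(lengths, rng):
    """Padding plus random sequence injection of 0-3 meaningless packets."""
    return padding(lengths, rng) + [PAD_TO] * rng.randint(0, 3)


def leakage(defense, trials=2000, seed=7):
    """Share of events a length-only observer labels correctly.

    The observer memorises, for each length sequence in a training half,
    the most common event, then labels the other half with that table.
    """
    rng = random.Random(seed)
    samples = []
    for _ in range(trials):
        event = rng.choice(list(EVENTS))
        samples.append((tuple(defense(EVENTS[event], rng)), event))
    train, test = samples[: trials // 2], samples[trials // 2:]
    table = defaultdict(Counter)
    for trace, event in train:
        table[trace][event] += 1
    hits = sum(1 for trace, event in test
               if trace in table and table[trace].most_common(1)[0][0] == event)
    return hits / len(test)


if __name__ == "__main__":
    for defense in (no_defense, padding, padding_plus_cover):
        print(f"{defense.__name__:20s} {leakage(defense):.2f}")
```

In this constructed data, padding makes the lock and light events look identical but the thermostat still stands out by packet count; adding cover packets blurs the count as well and pushes the observer closer to the one-in-three guessing rate.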

Until the companies implement such strategies, however, you can take some easy steps to make your network more secure, Lee said.

Make sure the firewall in your router is turned on. Keeping hackers out of your router is critical. Once inside, cybercriminals can monitor all the network packets in your home and can easily figure out your smart device habits.


You will also want to change the passwords on your individual smart devices.

Keeping your devices safe is as easy as picking different hard-to-hack passwords for each one. But many people use an iteration of ABC123 or others that are easy to remember, leaving them vulnerable to cyber attacks.

“We say in the cyber security world that the human is the weakest link,” Lee said.

Published in Pervasive and Mobile Computing, the study was co-authored by UGA’s Omid Setayeshfar, Karthika Subramani, Xingzi Yuan, Raunak Dey and In Kee Kim, and Dezhi Hong of the University of California, San Diego.


