Shedding Light in the Darkness

Hacking the Internet of Things


Tech companies have been pushing the Internet of Things, the concept of allowing people to control home appliances and other devices through their smartphones. But new findings suggest these systems can give hackers the tools needed to operate smart locks, change access codes and set off Wi-Fi enabled smoke detectors.

The University of Michigan hacked Samsung’s SmartThings in four successful attacks and used the system’s own SmartApps to carry each one out.

By evaluating the platform’s security design and investigating the 499 SmartThings third-party apps (SmartApps), researchers found the biggest problem is that 40 percent of the apps are ‘over-privileged’. An over-privileged app can gain access to more operations on a device than it needs to perform its function.

“The access SmartThings grants by default is at a full device level, rather than any narrower,” said Atul Prakash, a computer science professor at the University of Michigan. “As an analogy, say you give someone permission to change the light bulb in your office, but the person also ends up getting access to your entire office, including the contents of your filing cabinets.”
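The difference between a device-level grant and a narrower, capability-scoped grant can be audited mechanically. The sketch below is an added example, not code from the researchers or from SmartThings; the device names, the capability table and the app records are all constructed for illustration.

```python
# Constructed model of two grant policies; not SmartThings code.
# Capability -> commands it exposes (illustrative table).
CAPABILITY_COMMANDS = {
    "battery": set(),                 # read-only attribute, no commands
    "lock": {"lock", "unlock"},
    "switch": {"on", "off"},
    "alarm": {"siren", "strobe", "off"},
}
# Device -> capabilities it implements (constructed devices).
DEVICES = {
    "front-door-lock": ["lock", "battery"],
    "hall-smoke-alarm": ["alarm", "battery"],
    "porch-light": ["switch"],
}
# App -> (device, capability) pairs it asks for, and the (device, command)
# pairs its code actually invokes (constructed apps).
APPS = {
    "battery-monitor": {
        "requests": [("front-door-lock", "battery"), ("hall-smoke-alarm", "battery")],
        "uses": set(),
    },
    "door-manager": {
        "requests": [("front-door-lock", "lock")],
        "uses": {("front-door-lock", "lock"), ("front-door-lock", "unlock")},
    },
    "porch-timer": {
        "requests": [("porch-light", "switch")],
        "uses": {("porch-light", "on"), ("porch-light", "off")},
    },
}

def granted(app, device_level):
    """Commands an app can invoke under the chosen grant policy."""
    out = set()
    for device, cap in APPS[app]["requests"]:
        # Device-level: every capability of the device comes along with the one requested.
        caps = DEVICES[device] if device_level else [cap]
        for c in caps:
            out |= {(device, cmd) for cmd in CAPABILITY_COMMANDS[c]}
    return out

def audit(device_level):
    """Map each app to the granted commands it never uses (its excess privilege)."""
    return {a: sorted(granted(a, device_level) - APPS[a]["uses"]) for a in APPS}

def overprivileged_share(report):
    """Fraction of apps holding at least one command they do not use."""
    return sum(1 for excess in report.values() if excess) / len(report)

if __name__ == "__main__":
    for label, level in (("device-level", True), ("capability-scoped", False)):
        report = audit(level)
        print(f"{label}: {overprivileged_share(report):.0%} of apps over-privileged")
        for app, excess in report.items():
            print("   ", app, excess)
```

In this constructed data set, the battery monitor is the only app flagged: under the device-level policy it can drive the lock and the alarm although it only asked to read battery levels.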

Over-privileged apps are the security loophole that allows hackers to create back doors into the SmartThings system. During the first attack, researchers were able to unlock electric doors by simply sending users a malicious link in a third-party app.

The team was also able to inject erroneous events in fire alarms or lights that turned them on or switched them to vacation mode. These results have implications for all smart home systems, and even the broader Internet of Things, researchers said.

“The bottom line is that it’s not easy to secure these systems,” Prakash said.



One response to “Hacking the Internet of Things”

  1. Claude Robichaux May 3, 2016 at 4:38 am

    Trading security for convenience, everyone but the TSA (and the DMV) is doing it these days. I noticed that with these smartass phones, that in order to up or down-load these ridiculously unnecessary apps you have to sign away all your rights to privacy by allowing the app to look at, alter and control just about anything in or on the phone including messages and photos. To give them carte blanche to your home is just insane.

