“A smoke detector that sends you a text alert when your house is on fire seems like a good idea. An internet-connected door lock with a PIN that can be programmed from your smartphone sounds convenient, too,” Andy Greenberg reports for Wired. “But when a piece of malware can trigger that fire alarm at four in the morning or unlock your front door for a stranger, your ‘smart home’ suddenly seems pretty dumb.”
“one group of researchers at the University of Michigan and Microsoft have published what they call the first in-depth security analysis of one such ‘smart home’ platform that allows anyone to control their home appliances from light bulbs to locks with a PC or smartphone,” Greenberg reports. “They discovered they could pull off disturbing tricks over the internet, from triggering a smoke detector at will to planting a ‘backdoor’ PIN code in a digital lock that offers silent access to your home, all of which they plan to present at the IEEE Symposium on Security and Privacy later this month.”
“The Microsoft and Michigan researchers focused their testing on Samsung’s SmartThings platform, a networked home system that’s in hundreds of thousands of homes, judging by Google’s count of downloads of its Android app alone,” Greenberg reports. “In a statement, a SmartThings spokesperson said that the company had been working with the researchers for weeks ‘on ways that we can continue to make the smart home more secure,’ but nonetheless downplayed the severity of their attacks… The researchers say, however, that their attacks would still work today as well as they did when they first approached SmartThings; neither the Android app they reverse engineered to exploit the SmartThings authentication flaw nor the privilege overreach flaw itself has been fixed.”
Read more in the full article here.
MacDailyNews Take: Now, to be fair, this only because there are those who’ll waste their money on half-assed Samsung crap. “SmartThings.” From Samsung? Puleeze.
Samsung. StupidThings for StupidPeople™.
SEE ALSO:
Elgato Eve connected-home system: Elegant design and operation with HomeKit compatibility – February 16, 2016
Honeywell announces ‘Lyric Round’ smart thermostat with Apple HomeKit integration – January 5, 2016
Apple HomeKit-compatible thermostat Ecobee closes in on Google’s Nest – September 28, 2015
Apple pulls Google’s Nest thermostat from stores with launch of HomeKit-compatible Ecobee 3 – July 23, 2015
First Apple-certified HomeKit-compliant devices launch – June 2, 2015
Google engineer trashes Tony Fadell’s precious Nest smoke alarm – February 19, 2015
With HomeKit and Honeywell’s Lyric, a Nest acquisition by Apple would have been foolish – June 18, 2014
Will Apple’s Internet of Things vision hurt a beautiful idea? With HomeKit, Apple promises easy home automation – June 6, 2014
Smart thermostat war heats up as Apple-partner Honeywell takes aim at Google’s Nest – June 13, 2014
Honeywell takes dead aim at Google’s Nest with new iPhone-compatible Lyric smart thermostat – June 10, 2014
Google to SEC: We could serve ads on thermostats, refrigerators, car dashboards, and more – May 21, 2014
Dead to me: Apple’s Schiller ‘unfollows’ Tony Fadell and Nest after Google acquisition – January 18, 2014
[Thanks to MacDailyNews Reader “Edward W.” for the heads up.]