A “Smart Home” is designed to make things easier for people.
They’re filled with internet-connected devices that can do a lot of cool stuff, like open the doors or turn up the temperature in the house remotely.
And it’s catching on. According to a report by marketsandmarkets.com, the home automation industry is supposed to grow from $32 billion in 2015 to nearly $80 billion in 2022.
But security experts believe if consumers are not careful, those home devices could be susceptible to hackers.
That’s why we enlisted the help of ethical hackers with Emergent Networks to simulate how a hack can occur and what consumers should do to protect themselves.
KARE 11 used a home that has several internet-connected devices, including devices that allowed the home owner to open up the garage door or the back door remotely.
“Most of my time doing these type of engagements. I’m using tools I don’t have to spend a dollar on,” said Brian Johnson with Emergent Networks.
Johnson hacks into clients’ computer systems for a living to find weaknesses. Using free tools on the internet, he demonstrated how easy it can be to find a vulnerability so many of us forget about.
He discovered the home’s router had a password easy to crack.
“I got his password. I can now join his network and find other juicy targets,” said Johnson.
On their own, the home automation devices have strong passwords, but he discovered a backdoor in the owner’s computer.
“We could connect to his Windows server that controls a lot of the automation and that had no password on it,” he said. “I can just click a button and that front door, I can pop the lock open in about 10 seconds.”
This process actually has a name.
“It’s called war-driving. People go around looking for insecure wireless,” said Jake DeWoskin, also with Emergent Networks.
But he says hackers usually target big companies, not homes. But DeWoskin fears it won’t be for long as home automation becomes more popular.
“We will start to see an increase in individual homes being targeted because of the leverage or use of home automation,” he said.
We showed what we found to Steve Howe, a homeowner in Apple Valley who has few automated internet-connected devices.
“That’s crazy. I mean, that’s not what you want,” he said. “I think will be going back and checking out some passwords after this.”
That’s exactly what the experts want people to do.
“It’s not to suggest there’s not value for home automation,” he said. “But like any other technology, there are things people should consider.”
He gives these tips:
Follow the setup guidelines and instructions.
Regularly check for software updates for your devices.
Don’t leave usernames and passwords at the default setting.
Use complex passwords at least 8 to 10 characters long. (Some people use entire sentences).
And get into the habit of changing passwords often around the times you change your furnace filter or batteries on your smoke alarms in your home.
DeWoskin and Johnson argue even the most advanced home may not always be the most secure.
“There is a cyber war going on. And the battlefield is increasing in size and it’s increasing in complexity. And it’s no longer targeted at big business,” he said.