Belkin WeMo security holes

Who do you trust to create a secure internet-enabled device?

http://arstechnica.com/security/2013/01/hack-turns-the-cisco-phone-on-your-desk-into-a-remote-bugging-device/
http://arstechnica.com/security/2013/04/using-a-linksys-wi-fi-router-it-could-be-ripe-for-remote-takeover/
http://securityevaluators.com/knowledge/case_studies/routers/netgear_wndr4700.php

And those are companies that design equipment for networking. Exposure to the internet is fundamental to what they are doing. For automation companies, the network aspect is at best secondary.
 
This forum has over 17K members.  It would be interest to know if any of them have had a stranger hack in and controller their HA devices.  (excluding X10 since it is trivial if they are in close proximity)
 
Well... just to be on the safe side I put my VoIP box (Ooma) in it's own VLAN for these same reasons. For the service to function properly it needs to create a permanent tunnel to their servers - so isolated it becomes :)
 
If there is no money involved, it is unlikely many hackers will spend time trying trying to turn on or off your lights or adjusting your thermostat. Even if they could turn off your alarm, do you actually think they are going to do that so they can rob your house?  For one thing, they probably have no idea WHERE your house even is. Target gets hacked because there is millions of dollars to be gained from it. I have a network drive on my network, with clearly open ports and a very simple password, to see if anyone ever attemps to break in to it. In over 6 years, nobody has so much as tried. Certainly security is important, but I doubt full hacking of a home automation system occurs that often. There are a whole of articles on how it CAN happen, but not many if any how it actually has occured. I'd have to bet a light going on or off by itself is a million more times likely occuring from noise on the powerline than it is from a hacker.
 
Most users have never had a house fire or a burglary either. Yet we still have locks and smoke detectors.
 
jdale said:
Most users have never had a house fire or a burglary either. Yet we still have locks and smoke detectors.
I don't think you would have a hard time tracking down a house fire or a burglary if you looked in your local newspaper.  How many articles do you find on home automation systems being hacked.
 
As I mentioned previously, its also about money.  If your house burns down or your burglarized, it definitely does cost you money, and in the case of burglary a "robber" certainly does it for the profit.  I don't see the money path if someone in China or Russia manages to turn on your ceiling fan.
 
Well there are some potential schemes:

Turn a large distributed device network into a botnet. Though in this case it is in their best interest to keep the botnet undetected and operational so they probably won't mess with your device function.

Install ransomware and force you to pay so that your devices are allowed to function again.

Use the access to infect other devices on your network such as PCs or mobile phones with malware.
 
Back
Top