more stories from this episode
The Smart Home sounds like a great idea. Control the heat so it’s nice and toasty when you get home! Feed your pet remotely when you’re stuck at work!
But is the smart home an unsafe home? The recent DDoS attack that temporarily downed popular websites relied on connected household devices like DVRs. Now, new research shows that smart light bulbs may be vulnerable to hacking.
Colin O’Flynn is a PhD student at Dalhousie University in Halifax. Along with fellow researchers in Israel, he made Philips Hue smart light bulbs install a phony firmware update. From there, O’Flynn was able to control the lights remotely. “This meant that you could reprogram them to do anything you wanted,” O’Flynn says. “I could load software on them that just made them completely non-responsive, or made them blink really fast like a strobe light.”
Philips has corrected this vulnerability, but it raises broader questions about the security of smart home devices.
Atul Prakash is a computer science professor at the University of Michigan. He specializes in computer security. “I would be cautious, overall,” Prakash advises. “The technology is relatively new. Hardware is probably a little bit ahead of the software at this point, and a lot of vulnerabilities we are seeing are primarily on the software side of things.” The software on smart devices gets compromised, he explains. “That’s what caused the Denial of Service attack.”
Despite these concerns, there’s a push to popularize the smart, connected home. Smart speakers from Google and Amazon, and Apple’s HomeKit system aim to streamline control of those smart devices, bringing them under a central hub. “They are good companies behind these products…with a lot of expertise, but nevertheless it’s an active area of research to find security flaws,” says Prakash.
Google Home acts as a hub for your connected devices. (madeby.google.com)
For smart speakers, one risk is that malicious audio could compromise the system. Recent work has shown that this may be a problem in the future. “So essentially you could have…what looks like noise to a human ear, but is actually interpreted as commands,” Prakash says. “So there could be something in the background, or somebody else in the background that could play some audio but instruct your [speaker] to act in ways that you didn’t expect.”
