Smart homes aim to automate all household tasks, from setting the temperature to activating the home security system. In order for the home to be “smarter,” appliances are connected to one network to work together. These networks are either wired or wireless and then connected to a server outside the house. The server collects information from the appliances, such as security codes or room temperature. This data is then processed. Then computers on the server can decide what the appliances can do to make the inhabitants of the house comfortable. The server then sends a command back to the appliances, the thermostat for example, and adjusts the temperature automatically. The presence of sensitive data on the network makes it vulnerable to hackers.
As reported on CNN, researchers at the Black Hat and DefCon computer security conferences early this month in Las Vegas were able to hack a $6,000 Japanese ‘smart’ toilet and control the bidet. This may sound a clever prank, but it shows how much control consumers have over their ‘smart’ appliances and the personal data they make available. Smart home owners are facing a very tricky security issue, especially given that most appliances don’t employ very strong encryption when sending data through the Internet.
Some security systems are now connected to and controlled through the Internet, raising additional risks. Security devices such as digital door locks, alarm systems, and monitoring devices can be accessed remotely through a computer or even a mobile device. Motion detectors can be installed in a house and text the owner when it detects an intruder. Security cameras can live stream videos halfway around the world.
As smart home devices and appliances become widely available and considerably affordable, researchers at the conference cautioned consumers to consider their security, and warned that manufacturers are not taking security measures seriously.
Even consumers are not aware or even concerned with how they are exposed. A cute bunny toy called Karotz that automates tasks like checking email and weather reports is equipped with a video camera, microphone, and RFID chip. Karotz can be controlled by a smartphone app that utilizes the Internet to send and receive commands. Software engineer Jennifer Savage was able to control the device from the computer and remotely watch live videos. Similar toys can unwittingly be turned into covert surveillance cameras accessible to any interested third-party.
At a Black Hat session, Daniel Crowley demonstrated how anyone with enough skills can hack into a front-door lock and open it from a computer. He asked an audience member for a random four-digit number and successfully changed the lock’s code. Crowley says that the smart-lock technology is still too undeveloped to be released to the public.
“If someone breaks into your house and there’s no sign of forced entry, how are you going to get your insurance money back?” he said.
Recently, Americans’ digital privacy troubles were highlighted when Edward Snowden revealed the clandestine mass electronic surveillance data mining program operated by the NSA since 2007. PRISM began under George Bush, Jr.’s administration as a part of Protect America Act. The Guardian and the Washington Post reported on June 6, 2013 that the FISA Court had been ordering Verizon to turn over logs tracking customer calls on a daily basis.
U.S. government officials have since denied some aspects of the allegations and defended the program, saying that it helped prevent acts of terrorism. They pointed out that it cannot be used on Americans without a warrant, though that has been circumvented numerous times.
An internal NSA presentation also surfaced and showed that the agency can access data through the servers of dot com giants like Google, Apple, and Facebook to perform “extensive, in-depth surveillance on live communications and stored information.” Email, chat logs, videos, photos, voice-over-IP chats and social networking details are said to be collected during the course of the project. The House of Representatives is already moving to vote for the closure of the program. The White House still argues for keeping PRISM amidst, despite the public’s negative reaction.
With smart home technologies already in development, surveillance programs can now peek inside Americans’ residences. Highly private data such as schedules and daily activities are collected by hi-tech appliances throughout the day and could be made available to anyone with access to the servers.
“The information that’s available in a smart home can be really extraordinarily detailed,” says Rebecca Jeschke, media relations director at the Electronic Frontier Foundation.
“The technology is such that it won’t be too long before you can look at somebody’s power usage be able to know when they opened the fridge or how much food was in it,” added Jeschke. “And that’s without a wired fridge. That’s just the power.”
And though the prospect of the government accessing such private data is chilling, it’s not even the only risk. Anyone with enough technical skill to hack a server can potentially harvest this data, to who knows what end.