How To Secure Your Smart Home: My smart home becomes a nightmare

Smart homes seem to make life a lot more enjoyable and easier - all these little everyday routines are now either automated or can be controlled from the phone. But we can only enjoy these benefits if we can be sure that our networked home is protected and secure.

Smart Home

Smart devices will make our lives much more enjoyable and efficient in the future. We will use fewer resources but still live comfortably. Imagine your life as smart home developers would like to see it: a long working day is over, you get into your self-driving car, and all you need to say is "Take me home." Your gate and doors open automatically, the house is already preheated and the light in the hallway slightly dimmed, music plays softly, and the kettle turns on as you enter the kitchen. You have your dinner and relax on the sofa, smartphone in hand of course, to dim the lights and turn on the TV.

However, the scenario described above could also see you starring in a chart-topping movie titled "When the smart home becomes a nightmare." Nothing happens when you get to the front door: your face and iris seem to have been forgotten. You open the door only to enter an unusually dark, freezing cold house. Your smartphone then shuts off automatically. The TV switches on by itself, but instead of the evening program you get a live feed of yourself on the screen: the cameras are sending their signal straight to the TV. In the background, you can already hear the sirens of the fire brigade.

What on earth happened? Sorry! Your smart home has been hacked.

Our study from Research has found that only 10.1 percent of Africans live in a smart home and another 20 percent are interested in doing so.

A catalyst for the Internet of Things in your own home is the smartphone. There are currently 2.6 billion smartphone users in the world; by 2020, their number is expected to rise to 6 billion. The pocket computer, together with the mobile web and various sensors, forms the communication infrastructure - and at the same time, it is the control center for the smart TV, networked thermostats or the intelligent refrigerator.

The speed at which we adopt new technologies and integrate them into our everyday lives has increased significantly in the smartphone age. Thus, the Internet of Things has developed rapidly from an early adopter market to the mainstream. The security aspects of smart devices are falling by the wayside.

The study by Specialist has also revealed that 74.8 percent of Africans are afraid of hacker attacks in the smart home. 80.8 percent fear for their privacy. These concerns are not unfounded, because almost every week vulnerabilities in networked products come to light. This is hardly surprising, since a networked thermostat is supposed to cost as little as possible but still be able to do a lot. Security is left behind, especially as uniform international standards and clear responsibilities are lacking.

Is it the router provider who needs to ensure security, or the developer of the smart home helpers? Currently, customers themselves seem to be responsible for their own protection and privacy.


The threat

AV-Test's antivirus experts tested seven smart home products for their security in 2014. Four of the products stood out because of gross security deficiencies. Hewlett Packard's researchers are also skeptical of many of the products on the market: in their 2014 study on the Internet of Things, they said they tested ten of the most popular products - without naming them. 70 percent of the products communicated via unencrypted network services: easy prey for hackers.

80 percent accepted weak passwords such as 12345. For the majority of the devices, the HP experts also found security weaknesses that help hackers find out the names of user accounts or inject malicious code. Annoyingly, 90 percent of devices collected personal information about the user, such as name, address or even credit card number.

The lack of security awareness of some manufacturers is particularly threatening because smart home products are a growth market. According to Wirtschaftswoche, market researchers expect sales of 15.2 billion dollars worldwide in 2015 - three times as much as in 2012. Does this mean that in the future you will hear more frequently about security problems such as the hacked toilet from Lixil?

In 2013, security experts from Trustwave found a vulnerability here that lets hackers open and close the lid remotely and trigger the bidet function or the built-in hair dryer. The manipulation was carried out via Bluetooth, a widespread wireless technology that is built into virtually all mobile devices such as laptops or smartphones. Any attacker with a Bluetooth device can overhear the radio traffic of a smart home device using this technology.

There is also software such as BTCrack, with which hackers crack the encryption of such connections. Once it is cracked, it is usually not difficult for them to send their own commands. The only protection is the short range of Bluetooth: an attacker must get within about ten meters of the device to hack it.

Manipulate routers

Another attack vector is the router itself. As with other manufacturers, vulnerabilities in AVM's router firmware have become known in the past. One example is the attacks on a Fritz!Box security vulnerability from February 2014. Through it, attackers could place expensive telephone calls via their victims' routers. This gap has long been closed by a security update. Nevertheless, it cannot be ruled out that new gaps will appear with new firmware or operating system versions. Incidentally, Fritz!DECT 200 automatically updates the socket firmware. The vulnerability described required that Internet access was enabled on the router in question. However, you need exactly this function to control the Fritz!DECT 200 sockets remotely.

In addition to Internet access, there are other ways to manipulate a router, for example via the web interface of the device. This works as follows: if the user is currently logged on to the router from his PC, an attacker can feed his browser a fake web address of the form https://192.168.1.1/?Command=push firewall off. It does not help that the router's page has just been closed. The browser still forwards the command to the router.

The technique is called cross-site request forgery (XSRF). The dangerous web address can be pushed to the browser in different ways: via malware on the computer, a fake link or a script on a website. A simple countermeasure: after configuring the router, you should always close the browser and restart it. Of course, the router should also be protected by a strong password. Another potential point of attack is the Universal Plug and Play (UPnP) protocol, which you can enable on many routers.
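How a router's web interface can refuse such a forged request on its own side, shown as an added example that is not code from the article or from any router vendor. The function names, the token scheme and the sample origins are assumptions; only the address 192.168.1.1 comes from the text above.

```python
import hmac
import secrets
from urllib.parse import urlsplit

ROUTER_ORIGIN = "https://192.168.1.1"  # router address from the article's example


def new_csrf_token() -> str:
    """Random per-session token the router UI embeds in its own settings forms."""
    return secrets.token_urlsafe(32)


def same_origin(headers: dict) -> bool:
    """True only if Origin (or, failing that, Referer) names the router UI itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # no provenance at all: refuse rather than guess
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ROUTER_ORIGIN


def allow_state_change(method, headers, session_token, submitted_token):
    """Return (allowed, reason) for a request from an already logged-in browser."""
    if method.upper() != "POST":
        # The fake web address from the article arrives as a GET, so settings
        # must never change in response to a plain URL.
        return (False, "state change must use POST")
    if not same_origin(headers):
        return (False, "cross-site origin")
    if not submitted_token or not hmac.compare_digest(
        session_token.encode(), submitted_token.encode()
    ):
        return (False, "missing or wrong CSRF token")
    return (True, "ok")


if __name__ == "__main__":
    token = new_csrf_token()
    # Constructed requests: a forged link, a forged cross-site form, a real form.
    print(allow_state_change("GET", {}, token, None))
    print(allow_state_change("POST", {"Origin": "https://forum.example"}, token, None))
    print(allow_state_change("POST", {"Origin": ROUTER_ORIGIN}, token, token))
```

The session cookie alone proves nothing here, because the browser attaches it to forged requests as well; the token and the origin check are what a foreign page cannot supply.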

Catch data thieves with Wireshark

If you are worried about your privacy, you have to investigate whether you are being spied on. As a user, you can check what your smart home devices send to the Internet if your router has a log function (this is the case, for example, with Linksys, Fritzbox or Speedport models). Once you have successfully logged the data on your line, you need two things: basic knowledge of network technology - at least as far as IP addresses and protocols are concerned - and an analysis tool such as the free Wireshark. Load the log file into Wireshark and evaluate it. Now you can see exactly who is transmitting over your network and perhaps spying on you.
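One way to do the evaluation step once the capture is open in Wireshark, given as an added example rather than something from the original article: export the packet list as CSV (File > Export Packet Dissections > As CSV, default columns) and total what each local device sends to outside hosts, flagging unencrypted protocols. The LAN range, the cleartext protocol list and the sample rows are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed home network range
CLEARTEXT = {"HTTP", "TELNET", "FTP", "MQTT"}  # protocols that travel unencrypted

# Constructed sample in Wireshark's default CSV column layout.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000","192.168.1.23","203.0.113.10","HTTP","512","POST /sync HTTP/1.1"
"2","0.420","192.168.1.23","203.0.113.10","HTTP","300","POST /sync HTTP/1.1"
"3","1.050","192.168.1.40","198.51.100.7","TLSv1.2","1200","Application Data"
"4","1.300","192.168.1.23","192.168.1.1","DNS","74","Standard query A cloud.example"
"5","1.900","aa:bb:cc:00:11:22","Broadcast","ARP","42","Who has 192.168.1.1?"
"6","2.100","203.0.113.10","192.168.1.23","HTTP","200","HTTP/1.1 200 OK"
'''


def outbound_flows(csv_text: str) -> dict:
    """Bytes sent per (local device, external host, protocol)."""
    flows = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            src = ipaddress.ip_address(row["Source"])
            dst = ipaddress.ip_address(row["Destination"])
        except ValueError:
            continue  # non-IP rows such as ARP carry MAC addresses or names
        if src in LAN and dst not in LAN:
            flows[(str(src), str(dst), row["Protocol"])] += int(row["Length"])
    return dict(flows)


def cleartext_flows(flows: dict) -> list:
    """Outbound flows whose protocol exposes content to anyone on the path."""
    return sorted(key for key in flows if key[2].upper() in CLEARTEXT)


if __name__ == "__main__":
    flows = outbound_flows(SAMPLE_CSV)
    for (device, host, proto), size in sorted(flows.items()):
        print(f"{device} -> {host} {proto}: {size} bytes")
    print("unencrypted:", cleartext_flows(flows))
```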

The smart home brain, the "hub": this is how smart hubs can be hacked

A smart hub is, in a sense, the nerve center and brain of your smart home. Usually, this is a small box that is available with or without a touchscreen, depending on the model. Through specific protocols, the Smart Hub communicates with all smart devices in your home; these "respond" to the Smart Hub by providing it with information or commands.

The smart hubs of a specific vendor (whose name we do not want to mention here) did not show any significant security holes in their code at first glance. However, a few logical mistakes were enough for our experts to hack the Smart Hub without any access to the user's Wi-Fi network.

To control the hub through the web portal, the user sends a synchronization command from the web interface to the hub. At first glance, an entire configuration file is assigned to the hub with a specific serial number, and the hub then downloads and applies it. However, the file is sent over an unencrypted HTTP channel, and only the serial number of the hub is used to identify the recipient.

So if an attacker knows the serial number of the target hub, he can send a custom configuration file to the hub, which will be accepted without additional communication. This may sound unlikely, but most users are unaware that the serial number is the master key to their smart home system. Therefore, they are happy to publish reviews of their smart hubs on YouTube and in doing so reveal all the information needed to hack the hub - including serial numbers. As if that were not bad enough, it turns out that the serial numbers can also fall victim to brute force attacks.
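The design flaw described here, next to a hardened acceptance check, as an added example that is not the vendor's code. The message layout, the per-device secret `device_key`, the `counter` field and all function names are hypothetical; the first function models only the behaviour the text describes.

```python
import hashlib
import hmac
import json


def accept_config_by_serial(hub_serial: str, message: dict) -> bool:
    """Behaviour described in the article: the serial number is the only check."""
    return message.get("serial") == hub_serial


def sign_config(device_key: bytes, serial: str, counter: int, config: dict) -> dict:
    """Portal side: bind serial, a rising counter and the config under one MAC."""
    body = json.dumps(
        {"serial": serial, "counter": counter, "config": config}, sort_keys=True
    )
    tag = hmac.new(device_key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def accept_config_authenticated(device_key, hub_serial, last_counter, message) -> bool:
    """Hub side: verify the MAC before parsing, then check serial and freshness."""
    body = message.get("body", "")
    expected = hmac.new(device_key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(message.get("tag", "")).encode()):
        return False  # sender does not hold this hub's secret
    fields = json.loads(body)
    # A published or guessed serial is no longer enough, and an old
    # captured file cannot be replayed because its counter is stale.
    return fields["serial"] == hub_serial and fields["counter"] > last_counter


if __name__ == "__main__":
    key = b"constructed-per-device-secret"  # constructed sample value
    print(accept_config_by_serial("SN-0001", {"serial": "SN-0001", "config": {}}))
    good = sign_config(key, "SN-0001", 5, {"alarm": "on"})
    print(accept_config_authenticated(key, "SN-0001", 4, good))
    print(accept_config_authenticated(key, "SN-0001", 5, good))
```

The MAC authenticates the file but does not hide it, so the credentials inside still need an encrypted channel instead of plain HTTP.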

The username and password for each Smart Hub can be found in the configuration file. The username can be extracted immediately without further ado; the password, at least, is encrypted. However, the encryption is not particularly strong and can be broken fairly quickly with publicly available programs. Also, the provider does not enforce any complexity requirements for passwords, so hackers have an easy time.

With username and password, a hacker can gain complete control over the Smart Hub and all devices connected to it, so the nightmare scenario we described is not so outlandish after all.


Let us consider the ultimate steps which can help you stay safe from these hackers, and in turn help you keep your house and your personal data safe!

It's important to understand how your smart home works: Smart devices like a smart TV or baby monitor can sometimes exchange data with other devices on the same home network and act on the information they receive. Users, in turn, interact with the connected devices to set up, give instructions or access data.

But the devices do the bulk of the work independently without human intervention. This is made possible by tiny, embedded components, which ensure that almost everything can be "connected." They build on the fact that home and business networks are online and often process data online through cloud-based software that can analyze huge amounts of data from many different users together. To communicate with the outside world or, for example, the smartphone, networked devices typically connect to the Internet via a home Wi-Fi network and a router. Thus, the smartphone and the router are the most important keys to your smart home.


The following six tips are designed to help you build more security in your connected home.

1. Secure smartphone

The smartphone is the command center of the smart home. While out and about, you use it to check whether the stove is switched off, or to turn on the heating so that the apartment is cozy and warm after work. If the smartphone is lost or hackers access the device via insecure apps, things quickly turn icy in the networked home.

It makes sense, therefore, to install a mobile security solution on the smartphone. In case of theft, you can use it to block access to the mobile phone, and it can check an app before installation. A password for the screen lock goes without saying.

2. Change the password of your router

For both the router management software and the SSID, default passwords such as "admin" or "12345" are usually already preconfigured when the device is delivered. SSID is a generic term for the network name: when setting up a home wireless network, you set a name to distinguish it from the other networks in the neighborhood. That's the SSID.

Tip: If someone gains access to an unsecured network and knows which router is in use, they can find out the default password of its administrator account through a quick online search. Therefore, you should set a network name that does not allow any conclusions about the router type or brand.

The administrator password is set in the router management software, usually in an area called "System" or "Administrative Tools." The Wi-Fi or SSID password is usually set in "Wireless Settings." Make sure that you change all the default access data and set strong passwords.

3. Keep firmware, browsers, and apps up to date

Updates often include relevant changes to address security vulnerabilities. It is therefore essential to keep all firmware or apps around the smart home up to date. This is the only way to ensure that hackers do not exploit vulnerabilities in the system.

4. Beware of password spying in public

But a strong password will not help if you handle it carelessly. Avoid entering passwords for security-related applications in public. Whether you are logging in to online banking, entering your credit card details for a purchase over the Internet or logging into a smart home application, nobody should be able to watch your fingers. You never know who is behind you and why he or she needs this information.

5. Encrypted connections to the outside for online banking and the like

In addition to a secure password, the encrypted transmission of data is the key to a secure smart home. Make sure that personal data such as login details, credit card numbers or private information is only transferred via an encrypted connection (recognizable by "https" in the address bar). Even if a hacker is listening in on the connection, he cannot do anything with the information.

6. Use different networks

To spread the risk, it may make sense to use different networks, such as a guest-only network, one for your PC or laptop, and one dedicated to the smart home system only. If one of the networks is attacked, the other areas can be shielded and protected. 


Tips: These signs reveal that you have been hacked

More than one in three companies has been attacked by hackers in recent years - with fatal consequences. Cyber-criminals often cause immense damage. These signs can reveal that your business has been hacked.

Hacking attacks can have serious consequences for businesses: data loss, data misuse or disrupted business relationships. Financial ruin threatens some companies.
More and more frequently, the experts observe extortion attempts using so-called ransomware. The contents of the computers are encrypted by software that criminals inject into the network of their victims. To regain access to their own data, the victims have to pay.

Hacker attacks are often detected late
"90 percent of companies do not even notice that they have been hacked"; only when it is too late and the data is gone does the company notice. But there are some things that should startle you and that can be a sign of a hacker attack.

One of your employees is suddenly logged in on Saturdays from 11 pm to 5 am
What happened? The hacker lurks in your system outside your business hours. He can copy data from your company undisturbed.

Suddenly increased data transfer
What happened? If your data transfer is usually 10 gigabytes and suddenly five times higher, it could also be an indication that your system has been hacked. 
What you should do now: Keep your eyes open, regularly monitor, read and evaluate the flow of data.
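The two signs above (logins outside business hours, a sudden multiple of the usual data transfer) expressed as simple checks over log data, as an added example that is not part of the original article. The business hours, the log layout and all sample records are constructed assumptions; the factor of five follows the text.

```python
from datetime import datetime
from statistics import median

BUSINESS_DAYS = range(0, 5)    # Monday=0 .. Friday=4 (assumed)
BUSINESS_HOURS = range(7, 20)  # 07:00 to 19:59 (assumed)
SPIKE_FACTOR = 5               # "five times higher", as in the article

# Constructed sample records: (user, ISO timestamp of login).
LOGINS = [
    ("alice", "2024-03-08T09:12:00"),  # Friday morning
    ("bob", "2024-03-09T23:40:00"),    # Saturday, 23:40
    ("bob", "2024-03-10T03:05:00"),    # Sunday, 03:05
]

# Constructed sample: outbound gigabytes per day.
DAILY_GB = {
    "2024-03-04": 9.5, "2024-03-05": 10.2, "2024-03-06": 10.0,
    "2024-03-07": 9.8, "2024-03-08": 10.5, "2024-03-09": 52.0,
}


def off_hours_logins(logins):
    """Logins that fall on a weekend or outside the business-hour window."""
    flagged = []
    for user, stamp in logins:
        when = datetime.fromisoformat(stamp)
        if when.weekday() not in BUSINESS_DAYS or when.hour not in BUSINESS_HOURS:
            flagged.append((user, stamp))
    return flagged


def transfer_spikes(daily_gb, factor=SPIKE_FACTOR):
    """Days whose volume reaches `factor` times the usual level.

    The median serves as the baseline so that the spike itself does not
    drag the reference value upward, as a plain average would.
    """
    baseline = median(daily_gb.values())
    return sorted(day for day, gb in daily_gb.items() if gb >= factor * baseline)


if __name__ == "__main__":
    print("off-hours logins:", off_hours_logins(LOGINS))
    print("transfer spikes:", transfer_spikes(DAILY_GB))
```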

Protection money extortions appear on your screens
What happened? In this case, the hacker is after your money. The attacker usually does not want any data from you, but money. 

Duplicates of your product appear on the market
What happened? It is likely that hackers have entered your network unnoticed and stolen information, formulas or building instructions for your product.
What you should do now: Get legal advice. However, proving it could be difficult.

Questionable emails are sent from your account
Customer data appears on the Internet
Access data and passwords have been changed
The corporate website has been defaced
