- City Fajr Shuruq Duhr Asr Magrib Isha
- Dubai 04:32 05:49 12:21 15:48 18:47 20:04
Smart home solutions offered today enable you to control smart power plugs to operate lights, air-conditioners, CCTV cameras and entertainment systems. (Shutterstock)
Beware of home automation systems. Unless you carefully plan your security settings, intruders can unlock your doors and windows, hack into your webcam, share your recordings online and even your private conversations can go public as hackers can access your connected gadgets and operate them at their own will.
Burglars can use it to test if you are at home or hackers can even demand ransom to restore your connection.
The smart home solutions offered today enable you to control your smart power plugs to operate lights, air-conditioners, CCTV cameras and entertainment systems. Even your doors can be connected to smart locks, through WiFi routers connected to your smartphone or tablets.
According to Symantec, some of the home automation devices do contain serious security flaws that can allow attackers access to your home network.
It tested two home automation hubs and found multiple security flaws that can potentially allow attackers to gain access to the hubs themselves and, by extension, to other devices connected to them.
The issues aren’t specific to these particular hubs; any connected device is potentially at risk. Many more smart home devices potentially have similar security flaws,” it said in its latest note.
Writing on the official blog, ‘Candid Wueest’, Threat Researcher at Symantec, notes that while the internet-enabled devices hold exciting possibilities for home automation, they also present some serious security challenges and home users need to be aware that it isn’t just their PCs or smartphones that could be compromised by attackers.
While several companies are offering home automation solutions in advanced economies including the US and Europe, the UAE too has joined the race, with telecom operators joining hands.
Etisalat is offering home automation service and has teamed up with Belkin to introduce WeMo smart home automation solutions enabling customers to manage their home appliances and lighting, monitor their home on cameras and measure energy consumption through their smart devices.
The UAE’s second telecom operator Du says it is lining up a similar solution which could be announced early next year.
Going into details about ways a smart home system can be compromised Wueest points out that one of the means of attack could be through automatic firmware updates.
In one of the system it checked the firmware updates were not digitally signed and were downloaded from an open Trivial File Transfer Protocol (TFTP) server. “This could allow an attacker on the same network to redirect the device to a malicious TFTP server…. which could then send a malicious firmware update to the device. If this happens, then the complete setup would be compromised and other connected devices could be attacked, as the attacker would have full control over the hub,” he notes.
Another hacking mechanism he points out could be through replay attacks orchestrated via radio transmission protocol (RTP).
The smart hub uses the RTP for sending commands to connected devices without any additional authentication or security implementation, which allows for successful replay attacks. “For example, a signal to open a garage door captured while you are leaving the house could be used again later in the day to gain access. The same can be done for turning on or off lights. The attacker doesn’t even need to understand the protocol, they simply have to capture the signal used to issue a command a replay it,” he points out.
The second test that Symantec conducted also provided a similar result.
“This one did not use any authentication method for commands that were sent in the internal network. If an attacker is on the same Wi-Fi network as the hub, then they could gain control of any device connected to the hub. They could even go a step further, as the hub had a remote code execution vulnerability, allowing the attacker to execute arbitrary commands with root privileges on the hub,” the note adds.
How could you possibly prevent the system from being hacked? Symantec says as a user you should only enable remote administration from the internet if you really need it. Also ensure that your password is strong and Wi-Fi routers WP2 encrypted.
Follow Emirates 24|7 on Google News.