Security experts are sounding the alarm: networked household appliances, marketed as "smart homes", are becoming more and more popular but are often insufficiently secured. As a result, these "smart" appliances sometimes throw the doors wide open for hackers to enter other people's homes. In 2012, for example, there was a security flaw in Trendnet's surveillance cameras: anyone could watch the video from these cameras on the Internet, and the residents were unintentionally turned into video stars. According to Forbes magazine, attackers managed to turn off the electricity in other people's households via the web in 2013.
The threat
The cause was poorly configured home automation systems from Insteon. Anyone who wanted to could find the web interface of these systems with the search engine Shodan. Shodan is a search engine specifically for devices that are connected to the Internet, including refrigerators, webcams and home automation systems. After that, it was easy to reconfigure the victims' power supply from a browser. If you also use Internet of Things devices, you should know the possible points of attack and protect them as well as possible.
Philips Hue lamps
The antivirus experts at AV-Test tested seven smart home products for their security in 2017. Four of the products failed the test due to serious security deficiencies. Researchers from Hewlett Packard are also skeptical about many products on the market. In their study on the Internet of Things, which was also published in 2017, they tested ten of the most widely used products, without naming names. 70 percent of the products communicated via unencrypted network services: easy pickings for hackers.
Fritz!Dect 200
80 percent accepted weak passwords such as 12345. In the majority of devices, the HP experts also found security vulnerabilities that allow hackers, for example, to find out the names of user accounts or to inject malicious code. Annoyingly, 90 percent of the devices collected personal information about the user, such as name, address, or even the credit card number.
Manipulating the router
The inadequate security awareness of some manufacturers is especially threatening because smart home products are a growth market. According to Wirtschaftswoche, market researchers expect worldwide revenue of 15.2 billion dollars for 2017, three times as much as in 2012. Does this mean that in the future we will hear more often of security problems like the hacked Lixil toilet?
In 2013, security experts from Trustwave found a flaw that lets hackers open and close the lid by remote control, as well as trigger the bidet function or the built-in hairdryer. The manipulation took place via Bluetooth, a widely used radio technology that is built into practically all mobile devices such as laptops and smartphones. Any attacker with a Bluetooth device can use it to listen in on the radio traffic of a smart home device.
There is also software such as BTCrack, with which hackers crack the encryption of such connections. Once it is cracked, it is usually not difficult to send one's own commands. The only protection is the short range of Bluetooth: an attacker has to get within about ten meters of the device to hack it.
Bluetooth toilets are on the exotic side. A more typical smart home product is the Philips Hue lighting system. Via the controller, the user can program when the lamps are to be lit and how bright they are. This works from the home PC or via the web, from an iPhone or an Android device. In 2013, security researcher Nitesh Dhanjani discovered a security flaw in the system. Using malware, he could switch off all Hue lamps connected to a bridge. Switching them back on would not have helped the user.
The malware would immediately darken the lamps again. The user would first have had to render the malware on his PC harmless in order not to sit in the dark. According to Dhanjani, the vulnerability lay in the way devices log on to the central bridge: to authenticate, they take the MAC (media access control) address of their network hardware and hash it with a well-known method (MD5). This MAC address, however, can be determined by a hacker or his malware. The malware then only has to compute an MD5 hash of the address and can pass itself off as a legitimate member of the Hue network. As long as the user keeps his PC virus-free, the Hue system is secure.
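The weakness of a token that is only MD5(MAC address) can be checked from the defender's side. The following is an added example, not code from Philips or from Dhanjani: it audits a list of registered tokens against the MAC addresses visible on the LAN and flags every token that can be derived from one of them. The token list, the MAC addresses and the textual MAC formats tried are constructed assumptions.

```python
import hashlib
import secrets

def mac_variants(mac):
    """Yield common textual forms of one MAC address (the exact form hashed is an assumption)."""
    hexdigits = "".join(c for c in mac if c.isalnum()).lower()
    pairs = [hexdigits[i:i + 2] for i in range(0, 12, 2)]
    for sep in ("", ":", "-"):
        joined = sep.join(pairs)
        yield joined
        yield joined.upper()

def derivable_tokens(whitelist, lan_macs):
    """Return {token: mac} for every registered token that equals MD5(some local MAC)."""
    lookup = {}
    for mac in lan_macs:
        for form in mac_variants(mac):
            lookup[hashlib.md5(form.encode()).hexdigest()] = mac
    return {tok: lookup[tok.lower()] for tok in whitelist if tok.lower() in lookup}

def new_token():
    """What a token should be: 128 random bits with no relation to any identifier."""
    return secrets.token_hex(16)

# Constructed sample data: MACs as seen in the ARP table, tokens as registered on the bridge
LAN_MACS = ["02:00:00:0A:1B:2C", "02-00-00-11-22-33"]
WHITELIST = [
    hashlib.md5(b"02:00:00:11:22:33").hexdigest(),  # derived from a MAC: guessable
    new_token(),                                    # random: not derivable
]

if __name__ == "__main__":
    for token, mac in derivable_tokens(WHITELIST, LAN_MACS).items():
        print(f"token {token} is MD5 of MAC {mac}: anyone on the LAN can recompute it")
```

Every flagged token contains no secret at all, because a MAC address is visible to every host on the same network segment.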
The lamps can be remote-controlled not only from a local PC but also via the meethue.com website. Dhanjani criticizes that setting up an account there does not require a strong password: six characters suffice for Meethue. A further attack vector is the connection to the web service If This Then That, IFTTT for short. With it, you can link several web services via mini-programs called recipes. In the case of Hue, for example, you can use IFTTT to set the color from a photo posted on Facebook. The prerequisite is that the photo is tagged with your own Facebook name. This function is practically an invitation for nasty pranks.
Another example of smart home technology: the Fritz!Dect 200 system consists of radio-controlled sockets that are connected to a Fritz! router. The range also includes a socket with a repeater, which can be used to extend the range of the network. Once you have registered the sockets with the router, you can control them in a number of ways: for example via a registered telephone (Fritz!Fon), an app on the iPhone or an Android device, or via the web portal MyFritz!
Control via Google Calendar is also possible. The sockets not only switch power off and on, they also measure it and send the values to the user by e-mail. The devices also have a temperature sensor to measure the room temperature.
As of the editorial deadline, we were not aware of any weaknesses in the Fritz!Dect 200 system. Fritz!Dect 200 is therefore not being presented here as insecure. Rather, it serves as an example of the possible points of attack you should keep in mind with this and other devices. First, there is the network traffic. The AVM system communicates over an encrypted DECT (Digital Enhanced Cordless Telecommunications) connection, which is fundamentally secure as long as encryption is enabled. AVM warns, for example, against using another manufacturer's DECT repeater.
Smart home from Qivicon / Telekom
With a third-party repeater, the DECT communication runs unencrypted. As a user, you should avoid this. If the devices communicate in plain text, hackers have an easy time of it. With inexpensive accessories such as the Com-On-Air card for PCMCIA slots and the corresponding (free) software on a laptop, the communication can be listened to. With a directional antenna this works even from a safe distance. The eavesdropper does not have to sit in your living room.
Another attack vector is the router itself. As with other manufacturers, weak points in AVM's router firmware have become known in the past. One example is the attacks on a Fritzbox security hole from February 2017. Through it, attackers could place expensive phone calls via their victims' routers. This hole has long since been closed by a security update. However, new holes cannot be ruled out with new firmware or operating system versions. Incidentally, with Fritz!Dect 200 the firmware of the sockets is updated automatically. The hole described required that Internet access was enabled on the router in question. That is exactly what you need in order to control the Fritz!Dect 200 sockets.
KNX systems
Besides Internet access, there are other ways to manipulate a router, for example via the device's web interface. It works like this: if the user is currently logged on to the router from his PC, his browser can be fed a forged web address of the form https://192.168.1.1/?Command=Firewall off. It does not matter that the router's page has just been closed. The browser passes the command on to the router.
The technique is called cross-site request forgery (XSRF). The dangerous web address can be delivered in different ways, for example by malware on the computer, a forged link or a script on a website. A simple countermeasure: after configuring the router, always close and restart the browser. Of course, the router should also be secured with a strong password. Another potential vulnerability is the UPnP (Universal Plug and Play) protocol, which can be enabled on many routers.
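Why the forged address works, and what a router's web interface has to check to stop it, shown as an added example (not code from AVM or any router firmware). The Router class, the command name FirewallOff and the form field csrf are hypothetical; only the address 192.168.1.1 comes from the text above.

```python
import hmac
import secrets
from urllib.parse import urlparse, parse_qs

ROUTER_ORIGIN = "https://192.168.1.1"  # address from the article's example

class Router:  # hypothetical model of a router admin interface
    def __init__(self):
        self.firewall_on = True
        self.session_cookie = secrets.token_hex(16)  # issued at login, sent by the browser automatically
        self.csrf_token = secrets.token_hex(16)      # embedded only in the router's own forms

    def _logged_in(self, headers):
        return hmac.compare_digest(headers.get("Cookie", ""), self.session_cookie)

    def handle_vulnerable(self, method, url, headers, form=None):
        """Changes state on any authenticated request, a plain GET included."""
        if not self._logged_in(headers):
            return 401
        if parse_qs(urlparse(url).query).get("Command") == ["FirewallOff"]:
            self.firewall_on = False
        return 200

    def handle_hardened(self, method, url, headers, form=None):
        """Changes state only via POST from the router's own page carrying the session's token."""
        if not self._logged_in(headers):
            return 401
        if method != "POST" or headers.get("Origin") != ROUTER_ORIGIN:
            return 403
        form = form or {}
        if not hmac.compare_digest(form.get("csrf", ""), self.csrf_token):
            return 403
        if form.get("Command") == "FirewallOff":
            self.firewall_on = False
        return 200

def forged_request(router):
    """The request a browser emits when a foreign page references the router URL:
    the session cookie is attached, but the foreign page never saw the CSRF token."""
    return ("GET", ROUTER_ORIGIN + "/?Command=FirewallOff",
            {"Cookie": router.session_cookie, "Origin": "https://example.invalid"})

if __name__ == "__main__":
    r = Router()
    print("vulnerable:", r.handle_vulnerable(*forged_request(r)), "firewall on:", r.firewall_on)
    r = Router()
    print("hardened:  ", r.handle_hardened(*forged_request(r)), "firewall on:", r.firewall_on)
```

Closing the browser, as recommended above, only ends the session on the user's side; the token and method checks remove the problem on the device itself.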
The next example: the smart home system from Qivicon (Telekom) is a system open to partners that works with devices from several manufacturers, including Philips. You can, for example, connect heating radiators, video cameras, motion detectors, sirens, smoke detectors and household appliances from Miele. All connected devices can then be monitored and controlled via a smartphone app for iOS or Android. The Qivicon system was scrutinized in 2017 by the security specialists at AV-Test. In a configuration with base station, radiator thermostat, socket switch and smoke detector, they declared it one of the secure products in the test.
Advertisement on the refrigerator
Spotting data leaks with Wireshark
The testers found no "practicable approaches for an attack." Nevertheless, there were critical comments from AV-Test. For example, ten open network ports were found. Every open port is a security risk, because unwanted data could also be received through it. Everything depends on the application that offers a connection on the open port (listens). If it is well hardened against attacks, the open port is no problem. This also applies to the open ports of the Qivicon system. According to AV-Test they appear to be safe: a test with the Armitage vulnerability scanner was unsuccessful.
In the standard configuration, the Qivicon home base communicates using the HomeMatic radio protocol of the American smart home manufacturer eQ-3. The radio connection is encrypted and relatively secure, provided the user creates his own key. If he uses the standard key, it is relatively easy to crack, as a talk at the 30th Chaos Communication Congress showed.
The manufacturer therefore strongly advises assigning your own key. A bigger risk may lie elsewhere: you can upgrade the home base with a radio stick so that it also speaks the Zigbee radio protocol. Zigbee is common in the smart home world but is regarded by experts as comparatively insecure. A key point of criticism is the management of the keys (master keys) for encrypted communication.
Systems for building automation have existed since the 1990s. In 2002, the KNX Association established a specification for a bus system through which a control unit communicates with different actuators.
From a security point of view, the KNX standard repeatedly draws criticism from security experts: the encryption used is much too weak, and data traffic can easily be intercepted and manipulated. In a video, security expert Alexander Dörsam of the security company Antago shows how he takes complete control of a smart house with a KNX system, albeit only one built into a suitcase.
To do this, it is enough to connect a self-built device called Erebos to the house electronics. The hack works because the security expert has physical access: he mounts a light switch and installs a box the size of a tablet computer. If the system is set up carelessly enough, it can even be hacked over Wi-Fi. Security expert Jesus Molina describes such a case in his paper "Learn how to control every room" (2014). He listened in on the wireless communication between an iPad and the building, analyzed the result and programmed an application using the intercepted commands. He could then control lights, blinds and other electronics throughout the building.
In addition to security concerns, prospective smart home buyers also fear for their privacy. Some manufacturers require their customers to register with private data such as name and address, sometimes even credit card numbers. In addition, data about the smart home system is stored in cloud storage somewhere on the web.
For skeptics, it is not exactly reassuring that Google is getting into the smart home business. In January 2017, the Internet giant bought Nest, a provider of smart home solutions. According to the New York Times Bits blog, there is a Google document filed with the US Securities and Exchange Commission (SEC) saying that there will soon be advertisements on refrigerators, appliances, glasses and wristwatches.
This would be a lucrative source of income for the future. Then again, there are projects like Mozaiq Operations from the manufacturers ABB, Bosch and Cisco. Mozaiq is intended to be an open software platform for smart home providers. It is supposed to guarantee that the customer data stored by the partners is located either in the United States or in another country requested by the partners. So said the incoming Mozaiq head Dirk Schlesinger (Cisco) to Greentech Media. Mozaiq does not include the data stored in the cloud, and no data mining will be used. A pilot project was planned as early as September 2017.
If you fear for your privacy, you have to investigate whether you are being spied on. As a user, you can monitor the Internet traffic of your smart home devices if your router has a logging function (this is the case, for example, with Linksys, Fritzbox or Speedport models). Once you have successfully recorded the data on your line, you need two things: basic knowledge of networking, at least as far as IP addresses and protocols are concerned, and an analysis tool such as the free Wireshark. Load the capture file into Wireshark and evaluate it. You can then see exactly who is communicating over your network and who may be spying on you.
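One way to carry out the evaluation step, as an added example that is not part of the original article: export the packet list from Wireshark as CSV (File > Export Packet Dissections > As CSV) and summarize which outside hosts each device talks to and whether any of that traffic is unencrypted. The sample rows, the LAN range 192.168.1.0/24 and the list of plaintext protocols are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed home LAN range
PLAINTEXT = {"HTTP", "TELNET", "FTP", "MQTT"}        # unencrypted protocols (illustrative, not exhaustive)

# Constructed sample in the default column layout of Wireshark's CSV export
SAMPLE = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000","192.168.1.23","203.0.113.10","TLSv1.2","571","Application Data"
"2","0.412","192.168.1.23","198.51.100.7","HTTP","312","POST /report HTTP/1.1"
"3","0.950","192.168.1.40","192.168.1.1","DNS","74","Standard query A example.invalid"
"4","1.203","192.168.1.40","203.0.113.10","TLSv1.2","198","Application Data"
"5","1.870","192.168.1.23","198.51.100.7","HTTP","290","POST /report HTTP/1.1"
"6","2.000","Constructed_aa:bb:cc","Broadcast","ARP","42","Who has 192.168.1.1?"
'''

def summarize(csv_text):
    """Per local device: outside peers contacted, packet count, and a plaintext flag."""
    report = defaultdict(lambda: defaultdict(lambda: {"packets": 0, "plaintext": False}))
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            src = ipaddress.ip_address(row["Source"])
            dst = ipaddress.ip_address(row["Destination"])
        except ValueError:  # ARP and other rows without IP addresses
            continue
        if src in LOCAL_NET and dst not in LOCAL_NET:
            entry = report[str(src)][str(dst)]
            entry["packets"] += 1
            entry["plaintext"] |= row["Protocol"].upper() in PLAINTEXT
    return {dev: dict(peers) for dev, peers in report.items()}

def plaintext_talkers(report):
    """(device, peer) pairs where data left the LAN unencrypted."""
    return sorted((dev, peer) for dev, peers in report.items()
                  for peer, e in peers.items() if e["plaintext"])

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for dev, peers in result.items():
        print(dev, "->", peers)
    print("unencrypted:", plaintext_talkers(result))
```

Peers that appear under a device without any action on your part, and any pair listed as unencrypted, are the entries to look up first.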