We identified vulnerabilities in all devices tested, including critical vulnerabilities in some. For some devices, we found that previously known vulnerabilities, which manufacturers have released updates to fix, can still be exploited, particularly where the devices are connected to a private network and therefore not updating automatically. These issues are also prevalent in second-hand devices. As well as uncovering these vulnerabilities, we have suggested ways that users can protect themselves from becoming a target. You can read the full analysis in our white paper.
Introduction
As smart technologies in the home become increasingly mainstream, recent research has revealed that nearly a quarter of UK households contain at least one smart home device. However, although 56% of those who own these devices purchased them for security reasons, 55% admitted they are not sure how these devices work. With this being the case, smart home technology opens itself up as a lucrative opportunity for malicious hackers to exploit and gain access to a home. With this opportunity posing a potential public threat, internet security experts vpnMentor have investigated the potential threat of several of the most popular smart home devices, including personal assistant devices, smart locks, smart cameras and smart plugs. Utilizing an expert team of ethical hackers, we have uncovered the vulnerabilities within each device, as well as the tactics you can use to protect yourself from becoming a victim of cyber attack within your own home.
The devices we analyzed
Our team tested a popular personal assistant device known for its intuitive design and complex functionality. The 24/7 listening device provides users with the ability to control their smart gadgets with a simple verbal command, making everyday tasks simpler. Starting the device from a specially crafted SD card allowed our team to gain administrative control over the underlying operating system and install malicious software, without leaving physical evidence of tampering. Once installed, this malware could grant an attacker remote access to the device, the ability to steal customer authentication tokens, and the power to stream live microphone audio to remote services without altering the functionality of the device.
August 1st Generation (smart lock)
We conducted a comprehensive security assessment on a popular smart-locking device. The innovative Bluetooth door lock attaches to a deadbolt and offers convenience and functionality to its users. The wireless product relies on various access control mechanisms based on predefined user privileges. Once installed, users can unlock their front door using their smartphone, and grant OWNER or GUEST access to others. We found two main exploits:
Password Attack: The mobile application does not require old password verification prior to a password change, which is poor practice from a security standpoint. In this case, our ethical hacking team was able to change the current user password.

Owner-Level Access Not Revoked: Through our investigation, we discovered that owners could still communicate with the lock while offline. This poses a threat in a scenario where a user gives another user OWNER-level access and then goes out of Bluetooth range, and the new owner maliciously puts their phone in airplane mode, preventing it from communicating with the smart lock servers while leaving Bluetooth enabled.
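A small model of the offline-revocation gap described above, added here as an illustration; it is not taken from the white paper or from the lock vendor's code. The `Server` class, the HMAC grant format and the 15-minute lifetime are assumptions, chosen to show why a lock that never checks expiry keeps honouring a revoked phone and how a lifetime enforced on the lock bounds that window.

```python
import hmac, hashlib

LOCK_KEY = b"constructed-demo-key"  # constructed secret shared by server and lock
GRANT_TTL = 15 * 60                 # assumed lifetime of an offline grant, in seconds

def _tag(user, role, expires):
    msg = f"{user}|{role}|{expires}".encode()
    return hmac.new(LOCK_KEY, msg, hashlib.sha256).hexdigest()

class Server:
    """Hypothetical cloud service: the only place a revocation is recorded."""
    def __init__(self):
        self.revoked = set()

    def issue_grant(self, user, role, now):
        if user in self.revoked:
            return None  # a revoked phone cannot renew once it is back online
        expires = now + GRANT_TTL
        return {"user": user, "role": role, "expires": expires,
                "tag": _tag(user, role, expires)}

def lock_accepts_weak(grant):
    """Lock trusts any correctly signed grant indefinitely (the gap above)."""
    expected = _tag(grant["user"], grant["role"], grant["expires"])
    return hmac.compare_digest(expected, grant["tag"])

def lock_accepts_bounded(grant, now):
    """Same signature check, plus expiry enforced on the lock's own clock."""
    return lock_accepts_weak(grant) and now < grant["expires"]

def scenario():
    server, t0 = Server(), 1_000_000
    grant = server.issue_grant("guest-phone", "OWNER", t0)  # cached on the phone
    server.revoked.add("guest-phone")  # owner revokes; phone is in airplane mode
    later = t0 + 24 * 3600             # one day later, Bluetooth only
    return {
        "weak_after_revoke": lock_accepts_weak(grant),
        "bounded_after_revoke": lock_accepts_bounded(grant, later),
        "bounded_within_ttl": lock_accepts_bounded(grant, t0 + 60),
        "renewal_refused": server.issue_grant("guest-phone", "OWNER", later) is None,
    }

if __name__ == "__main__":
    print(scenario())
```

The bounded check still leaves a window of up to `GRANT_TTL` after revocation, so the lifetime is a trade-off between offline convenience and how long a revoked phone keeps working.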
Kwikset Kevo 1st Generation (smart lock)
Our team also conducted an in-depth assessment on a second popular Bluetooth deadbolt device. This lock actively communicates with all assigned key fobs and mobile devices. Using intelligent positioning technology, the smart gadget identifies whether the user is outside or inside the protected area and triggers the unlocking mechanism upon successful verification. By inserting the thin sharp part of a screwdriver into the lock and using a small hammer with precise shaking movements, a malicious actor can reach the alignment point of all pins relatively easily.
Ring 1st Generation (smart doorbell)
Today’s fast-growing demand for remotely controllable household devices, and the desire to have eyes on your home at all times, has led to the automation of usually unsophisticated devices, such as doorbells. However, are smart doorbells opening you up to more problems than they’re preventing? The target gadget we tested is one of the most popular brands on the global market at the moment, the Ring Smart Doorbell. In order to control a smart doorbell device, users have to connect it to an externally accessible wireless network. Once connected, the device can be managed through a convenient mobile application. During investigations, the team noticed a button on the back of the doorbell device that a malicious actor can easily access. Once the button is continuously pressed, the hardware device turns into an unprotected WiFi access point (AP). This gives a malicious actor the opportunity to enumerate the device's internal configuration details. The hacking team also discovered a web address that reveals the password of the user’s home WiFi network. Once this access is gained, attackers can access the user’s sensitive personal information, such as online banking details.
TP-Link HS110 (smart plug)
As more and more of the public become interested in living in a connected home, smart plugs offer a simple way to make your existing appliances smarter. Using these plugs allows you to control any electronic appliance from your smartphone. The industry leaders of these plugs provide customers with power management, remote on/off switching, intelligent timers, and task scheduling. By using dedicated testing tools, the team successfully communicated with the target device and found a lack of properly implemented encryption and authentication security mechanisms. The team managed to send valid on/off commands, which were scheduled to execute after a specific period of time. The same exploit also allowed us to take full control of the device away from its owners and cause denial of service to other in-range smart appliances.
Samsung SNH-1011 (smart camera)
The ability to monitor and control our homes and businesses remotely has been the focus of various technology companies over recent years. Smart cameras, accessible through the internet, bring significant convenience for users worldwide and peace of mind to parents and pet owners concerned about loved ones at home while they’re away. People can monitor, zoom in and out, move, change vision mode, record, and much more just by using a simple mobile application. By utilizing manual testing techniques, we were able to establish the smart camera's IP address and exploit a vulnerability that allows an attacker to complete a password reset for the administrative account without knowing the original password. The camera’s misconfiguration allows an attacker to reset the pre-existing administrative password and gain full control over the wireless camera with relative ease. This means a malicious actor could gain full access to the very camera you set up inside your home to protect it.
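The missing control behind both the smart lock's password change and the camera's administrative reset is proof that the caller knows the current password. The sketch below is an added example, not code from the white paper or from either vendor; the `Accounts` class, its method names and the lockout threshold are hypothetical, and the passwords are constructed.

```python
import hashlib, hmac, os

MAX_FAILURES = 5  # assumed lockout threshold, not a value from the page

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Accounts:
    """Hypothetical account store for a device's user and admin accounts."""
    def __init__(self):
        self._db = {}        # user -> (salt, derived key)
        self._failures = {}  # user -> consecutive wrong current-password tries

    def set_password(self, user, password):
        salt = os.urandom(16)
        self._db[user] = (salt, _derive(password, salt))

    def verify(self, user, password):
        if user not in self._db:
            return False
        salt, stored = self._db[user]
        return hmac.compare_digest(stored, _derive(password, salt))

    def change_password_weak(self, user, new_password):
        # Flaw described above: nothing proves the caller knows the old password.
        self.set_password(user, new_password)
        return True

    def change_password_checked(self, user, current, new_password):
        if self._failures.get(user, 0) >= MAX_FAILURES:
            return False  # locked, so the current password cannot be guessed
        if not self.verify(user, current):
            self._failures[user] = self._failures.get(user, 0) + 1
            return False
        self._failures[user] = 0
        self.set_password(user, new_password)
        return True

def demo():
    weak, hard = Accounts(), Accounts()
    for store in (weak, hard):
        store.set_password("admin", "constructed-Orig1nal")
    weak.change_password_weak("admin", "intruder-choice")
    return {
        "weak_taken_over": weak.verify("admin", "intruder-choice"),
        "hard_refused": not hard.change_password_checked("admin", "guess", "x"),
        "hard_owner_change": hard.change_password_checked(
            "admin", "constructed-Orig1nal", "new-Secret9"),
        "hard_old_invalid": not hard.verify("admin", "constructed-Orig1nal"),
    }
```

The lockout here is permanent for simplicity; a real device would pair it with a timed unlock or a recovery path that requires physical access.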
Conclusion and recommendations
In the modern world, you don’t need to fear the growth of technology and the ever-expanding wealth of smart devices at your fingertips. However, if you are going to introduce smart technology into your home, it is important that you remain vigilant with your devices to ensure that only those you trust have access. Following a set of simple rules to ensure security best practices have been met will save you from becoming an easy target for cyber, and in some cases physical, crime. Below are the key factors to remember:

✓ Set a complex lock code (passcode, password, passphrase, etc.) for all your personal electronic devices.
✓ Do not leave your personal electronic devices unattended in public places.
✓ Avoid assigning administrative privileges to multiple users and follow the principle of “least privilege”: give a user account only those privileges that are essential to perform its intended function.
✓ Make sure your smart device is properly configured and regularly updated.
✓ Always perform research through reliable search engines (e.g. Google, Bing, etc.) on specific functionality requirements and critical vulnerabilities related to the smart device you are interested in.
✓ Only buy your smart devices from officially certified sources.
✓ Keep your externally facing smart devices on a separate network.
✓ Be aware of any signs of unauthorized physical intervention with your device.
✓ Stay up-to-date with the latest news around your preferred smart device brand.
✓ Directly address the appropriate authorities if you or someone else has identified any major misconfiguration with any of your smart home devices.

You can read our full analysis and recommendations in our white paper.