Watch engineers hack a ‘smart home’ door lock

↔️ ↕️

Sharing buttons:

My name is Atul Prakash I'm a professor in Electrical Engineering and Computer Science

at the University of Michigan. We are going to be showing you how a hacker can open your

front door. The idea is to improve the safety of your home and to allow you to monitor what's

going on inside your house and to remotely, potentially control it. Unfortunately this

also opens the door to potential vulnerabilities and we're going to be showing you some attack

that are possible which should give homeowners some pause when considering deploying these

kind of technologies. Okay, this attack involves a homeowner who has installed a smart lock

on their front door and is using a battery monitor app to monitor battery levels. However,

I have written this app and I've encoded malicious instructions in it to send me an sms message

whenever the user programs a pin code. This will let me enter the house whenever I want.

So I have received a sms telling me the code the user has just programmed, and I'm just

going to walk over to the home and unlock the door. So as you can see the bolt turns

and I can unlock the door. The second attack exploits an app that the user has downloaded

from the SmartThings app store that allows homeowners to remotely lock and unlock door

locks. I'll send a message to that app using my browser and it will let me program my pincode,

even multiple pincodes if I want to. And it will allow me sustained access to the home.

As you can see the bolt turns and I can open the door. We have reached out to Samsung and

SmartThings team on the vulnerabilities that we've found in their platform. So if you're

considering using these technologies you should analyze from the perspective of what's the

worst case scenario, which in this case often would be that a hacker has at least as equal

access to your smart devices inside your house remotely as you do.