My name is Atul Prakash I'm a professor in Electrical Engineering and Computer Science
at the University of Michigan. We are going to be showing you how a hacker can open your
front door. The idea is to improve the safety of your home and to allow you to monitor what's
going on inside your house and to remotely, potentially control it. Unfortunately this
also opens the door to potential vulnerabilities and we're going to be showing you some attack
that are possible which should give homeowners some pause when considering deploying these
kind of technologies. Okay, this attack involves a homeowner who has installed a smart lock
on their front door and is using a battery monitor app to monitor battery levels. However,
I have written this app and I've encoded malicious instructions in it to send me an sms message
whenever the user programs a pin code. This will let me enter the house whenever I want.
So I have received a sms telling me the code the user has just programmed, and I'm just
going to walk over to the home and unlock the door. So as you can see the bolt turns
and I can unlock the door. The second attack exploits an app that the user has downloaded
from the SmartThings app store that allows homeowners to remotely lock and unlock door
locks. I'll send a message to that app using my browser and it will let me program my pincode,
even multiple pincodes if I want to. And it will allow me sustained access to the home.
As you can see the bolt turns and I can open the door. We have reached out to Samsung and
SmartThings team on the vulnerabilities that we've found in their platform. So if you're
considering using these technologies you should analyze from the perspective of what's the
worst case scenario, which in this case often would be that a hacker has at least as equal
access to your smart devices inside your house remotely as you do.