Researchers Sound The Alarm On Smart Home Hub Security Vulnerabilities

Smart devices can make life a lot easier. We may not have flying cars or robot butlers, but the ability to control electrical appliances throughout your home via an app or your voice is arguably the one sci-fi future prediction that we did get a functional version of. Unfortunately, it turns out your smart home does have its flaws, and those flaws could leave you vulnerable to attacks.

A basic smart home isn't difficult or expensive to set up, and most people can live in one if they choose to. A smart speaker or hub like Amazon's Alexa isn't completely necessary, but people often center their smart home around one as it allows them to control other devices with voice commands. Other common smart devices people purchase include smart bulbs, smart plugs, thermostats, and cameras. Your smart home can even be used to start your car, provided you have a certain model or have a compatible remote starter retrofitted.

There are some downsides, and they do go beyond Alexa not understanding your slurred speech if you've had one too many to drink. In fact, there are some serious security concerns about smart homes and their abilities to fend off attacks.

One study shows a type of smart home attack could be up to 90% effective

Researchers at the University of Georgia have used machine learning and AI to develop an app called ChatterHub, which is capable of tearing smart home security apart. The app mainly targets smart home hubs, which are often the center point of a smart home network and can be used to control most other devices. The information your hub and other devices send to each other is encrypted, but researchers discovered that they don't have to break that encryption to find out what the signals mean. Associate professor Kyu Lee explains that the team was "able to use machine learning technology to figure out what much of the activity is without even having to decrypt the information."

More worrying is the way ChatterHub could be used to bypass devices like smart locks. The study showed that researchers didn't have to send the correct encrypted code to certain types of smart locks if they wanted to unlock them. Instead, they could bombard some locks with information packets until they malfunctioned. Lee said that this could "prevent the homeowner from locking their door." Criminals could also use this technique to run the device's battery down, causing it to switch off and unlock.

A bad actor with the ChatterHub app doesn't even need to be close to your home to target it. From the information the University of Georgia has provided, it seems a person using the app for malicious purposes wouldn't have to do much research into the home, either. The potential intruder wouldn't need to know the type of smart hub they are iterating with nor would they need to know what other devices you have or the layout of your smart home setup.

What could a smart home attack expose you to?

Exactly what a smart home attack could expose you to depends entirely on your smart home setup. If you have nothing beyond a few smart bulbs that you control through an app, all a hacker could really do is mess with your lighting. Similarly, a TV and a smart speaker may not cause many issues beyond a cybercriminal finding out what Netflix series you're binge-watching at the moment.

The real issues occur with smart home features that exist to keep your home more secure, but may actually be having the opposite effect. Cameras and baby monitors are built to look and listen. A hacker with access to them could use them to spy on your home, gather information, and work out if you're present in the house or not. If your smart home also has smart locks fitted, the consequences could be even more drastic. A hacker with access to your smart home could theoretically unlock any door with a smart lock fitted. 

Before you panic, it's worth pointing out that traditional locks aren't that secure either, as evidenced by the LockPickingLawyer. There are probably more people on Earth capable of picking a pin and tumbler lock than there are people who can hack into a smart home. Plus, a criminal can breach most windows in seconds using something as simple as a rock. Smart locks do have another factor. If a hacker can't control your smart devices but can intercept information sent between them, they could use that information to determine if a device is active or not. This could be used to see if a light is on or a door is unlocked, and give them an opportunity to enter your home.

How to keep your smart home secure

First of all, you should understand that this was a university study conducted by an organization that has more resources than your average criminal. Statistically, most people aren't worth the level of effort required. This could change as AI becomes more accessible, and things like quantum computing have terrifying security implications for all things digital, but as things stand, you are more than likely safe. As researchers stated in the study, solutions to the problems ChatterHub highlighted will have to come directly from the smart devices' developers. Developers will also be responsible for counteracting other emerging threats as technology advances.

However, there are still things you can do to make sure your smart home is as secure as possible. As your smart home operates over your Wi-Fi network, that's an ideal place to start. Make sure your router has a strong password and consider using your router's guest network for your smart home if it has one. The benefit here is, if someone does get into the guest network they won't be able to access any of the router's other settings. Another tip involves limiting your smart home to the devices you actually need. A smaller network of devices means fewer things can go wrong. Finally, make sure you keep your smart devices up to date. 

Developers patch bugs and vulnerabilities through firmware updates. Some devices like the Amazon Echo download and apply updates automatically, while others may require you to install updates through their respective apps. Check for updates on all key devices, like smart locks and cameras, as part of your weekly household routine. This should be enough to ensure your smart home is as safe as it can be and that the developers' responses to emerging threats are implemented ASAP.