A 'Smart' Garage Door Could Leave You Locked Out – And Your Home Unsecured

Smart garage doors sound like a convenient idea, but their reliance on cloud servers and app-based controls has left some homeowners locked out, or worse, unintentionally exposed to hackers. The massive flaw is as simple as this: If an internet-connected opener relies on a third-party server to function, then something as innocuous as a service outage or software glitch can render the app (and the door itself) completely useless. And, in the most extreme cases, vulnerable. After all, smart home devices can be hacked.

Sure, some smart garage doors include manual override options, but not all. That leaves consumers wide open to the same broader issues plaguing the Internet of Things (IoT) sector at large: devices ranging from smart door locks to smart fridges to smart beds can fail without a stable enough connection to the cloud.

Take one man's example, who told the New York Times he discovered his garage door had been left open all night after his app gave him repeated error messages. Even though the manufacturer tried to argue that blocked sensors or weak Wi-Fi might be to blame, he had already ruled out both personally. It wasn't just a one-off, either. This happened night after night. Is the convenience of Wi-Fi-connected garage door openers really worth getting locked out or leaving your home unprotected?

This example out of the New York Times just goes to show how something as minor as a routine app glitch can snowball into a full-fledged home security threat in this IoT age. Meanwhile, companies can modify, restrict, or discontinue remote functionality at any time... even if you bought the hardware for that very remote functionality in the first place.

Security researchers have uncovered tons of vulnerabilities in a number of cloud-connected garage door controllers. One widely discussed case involved a brand of Wi-Fi-enabled controllers that communicated with company servers using a single universal password. Pros dug up that universal password through basic firmware and traffic analysis, but according to the folks who found the flaws, anyone with moderate technical skill could have done the same. (Even worse, the controllers also sent user email addresses, device IDs, and other identifying data, all in unencrypted form.)

The case puts an even greater emphasis on the inherent flaws of IoT devices: hardcoded credentials, outdated firmware, and unsecured communications, none of which you probably want to deal with when you simply want to open and close your garage door.

Given these frustrations and security concerns, there's a growing movement among consumers demanding more control over their connected devices. The man from the New York Times article, Paul Wieland, went as far as to build a prototype system operating solely on local Wi-Fi rather than a corporate cloud. (He named it RATGDO, short for Rage Against the Garage Door Opener.) And though he only figured he'd move a small batch to recoup costs, demand has surged — especially as more and more manufacturers limit third-party integrations and subscription models for features that used to be free.

It's not hard to see what people are upset about. When companies modify or outright discontinue your smart garage door's functions, you risk losing something essential without an easy or convenient solution to the problem the company itself created for you by pulling the rug. For now, there is no universal solution to this IoT issue... especially since so many connected products will likely always depend on manufacturer servers in some form. To play it safe, consider going for offline-capable or "non-smart" models whenever possible. (Especially for appliances and home-access systems like garage doors, where reliability and security should probably be nonnegotiables.) You might also want to set aside some time to make your smart home more secure.