Breaking and entering in the digital age
LAS VEGAS Smart home technologies make it possible to control lights, heating systems, security cameras and even deadbolt locks remotely, but some may find that the cost of convenience is too high.
Hacking into homes controlled by a networked system is the focus of several briefings at the Black Hat conference, an annual meeting of cybersecurity professionals going on this week in Las Vegas.
A wireless communication protocol device called Z-Wave is the focus of information security company Trustwave. Its researchers will discuss vulnerabilities that would allow malicious hackers take control of a home and wreak havoc.
- 5 scariest cybersecurity threats
- NSA director heckled at Black Hat cybersecurity conference
At a briefing Thursday called "Home Invasion v2.0 - Attacking Network Controlled Hardware," Trustwave researchers will demonstrate how home control boxes are vulnerable to attack. All a computer-savvy criminal would need to do is gain access to a home's wireless network.
In a demonstration for CBSNews.com, Daniel Crowley, managing consultant at Trustwave, said a device like the VeraLite home automation controller, made by Hong Kong-based Mi Casa Verde, can turn a cyberattack into a real-life threat.
"Control of this box means control of everything that's hooked up to it." Crowley said. "Taking control of this might mean that you could gain physical access of their home. All that really requires is for you to be on their home network."
Almost anything can be breached, including door locks, alarm systems, lights and carbon monoxide detectors. And in one scenario, the tables could turn for owners of surveillance cameras.
"One of the things you can do is hook up cameras to this device. So if you had a smart camera connected into this, they'd be able to pull this up as well," said Trustwave senior security consultant David Bryan. Cyber-criminals could potentially use the home security cameras to see inside a house or verify when the homeowners came or went.
The researchers have contacted the device makers to submit their findings. They say that Insteon, the company behind a best-selling home-control networking system, has worked to secure its device, but Mi Casa Verde has yet to release a fix. Mi Casa Verde and Insteon did not immediately respond to CBS News' request for comment.
