CYBERSECURITYSmart Home Hubs Leave Users Vulnerable to Hackers

By Leigh Beeson

Published 17 November 2022

Machine learning programs mean even encrypted information can give cybercriminals insight into your daily habits.

Smart technology claims to make our lives easier.

You can turn on your lights, lock your front door remotely and even adjust your thermostat with the click of a button.

But new research from the University of Georgia suggests that convenience potentially comes at a cost—your personal security.

The study focused on smart home hubs, the centralized device that enables you to control all your smart devices in one easy spot. These hubs rely on technology that connects them—but not your individual smart devices—to the internet.

That’s important because the hubs theoretically make using the smart devices safer. In the past, cybercriminals have hacked into internet-connected baby monitors or smart cameras in people’s homes, enabling them to monitor their target’s comings and goings.

Hackers can’t get into a device if it’s not Wi-Fi enabled.

But the UGA researchers developed a system called ChatterHub that can successfully disclose the cyber activity of a variety of smart hubs almost 90% of the time.

“The good thing is all traffic to and from a smart home hub is encrypted,” said Kyu Lee, lead author of the study and an associate professor in the Franklin College of Arts and Sciences. Lee is also the associate director of UGA’s Institute of Cybersecurity and Privacy. “The bad thing is that we were able to use machine learning technology to figure out what much of the activity is without even having to decrypt the information.”

ChatterHub doesn’t have to be physically close to the system it’s hacking. And the hacker doesn’t need any prior knowledge of the types of smart devices or the maker of the hub to break into the system remotely.

Encrypted Information Can Still Be Useful to Criminals
Smart hubs send packets of information to and from individual devices. That’s what enables you to flick on some music through an app or to check your Ring camera when you’re out and get a delivery.

Those information packets are encrypted, meaning an outsider can’t know exactly what’s said in them.

“For example, when a smart home lock is locked, it sends a packet to the hub, and the smart home hub passes that onto the server,” Lee said. “We cannot see the actual information that the lock has locked, but using the patterns, the size of the packet and the timing of the packet, we can figure that information out with very high accuracy.”