Smart Home Hubs Leave Users Vulnerable to Hackers
Even though the information is encrypted, attackers can still make use of it.
They can figure out daily patterns of homeowners and determine whether someone is home at a given time, leaving the homeowner vulnerable to a break-in.
Perhaps more concerningly, they can inject their own random packet into the information going to and from the hub.
“If we inject some garbage packet in the patterns we figured out from the machine learning programs, that packet will be delivered to the smart lock and potentially make it malfunction,” Lee said. “So that can actually prevent the homeowner from locking their door.”
If the criminals are smart, you probably won’t even know your door isn’t locked since the app will say it’s correctly locked, just like usual. So while you may think your house is secure, the hackers know it’s not.
Cybercriminals can use a similar tactic to drain the batteries in smart devices by bombarding the hub with useless packets, the researchers said. But this strategy runs the risk of the smart home hub alerting the homeowner to a low battery.
Changing Passwords Can Keep Smart Devices, Routers Safe
So what can users do to protect themselves? Unfortunately, not much.
The real solutions need to come from Samsung, Amazon and other smart home hub giants, Lee said.
The manufacturers could use techniques known as packet padding, which entails making the packets sent back and forth from the hub all the same length. That would make it impractical for hackers to determine which packets do what, preventing them from, say, determining which ones are connected to your door lock, for example.
Another option for the tech companies is implementing random sequence injection, where the hubs send out irregular and meaningless packets to the network. That makes it harder to detect which packets contain useful information.
In the study, the researchers showed that using these techniques together successfully hides the unique network patterns generated by smart devices, making it difficult—if not impossible—for hackers to crack those codes.
Until the companies implement such strategies, though, you can take some easy steps to make your network more secure, Lee said.
Make sure the firewall in your router is turned on. Keeping hackers out of your router is key. Once they’re in, cybercriminals can monitor all the network packets in your home and can easily figure out your smart device habits.
You’ll also want to change the passwords on your individual smart toys.
Keeping your devices safe is as easy as picking different difficult-to-hack passwords for each one. But many people use an iteration of ABC123 or other easy to remember ones, leaving them vulnerable to cyberattacks.
“We say in the cybersecurity world that human is the weakest link,” Lee said.
Leigh Beeson is a Senior Science/Research Writer at UGA. The article was originally posted to the UGA website.
