Cybersecurity researchers at the University of Michigan were able to hack into the leading “smart home” automation system and essentially get the PIN code to a home’s front door. Their “lock-pick malware app” was one of four attacks that the cybersecurity researchers leveled at an experimental set-up of Samsung’s SmartThings, a top-selling Internet of Things platform for consumers. The work is believed to be the first platform-wide study of a real-world connected home system. The researchers didn’t like what they saw. Regardless of how safe individual devices are or claim to be, new vulnerabilities form when hardware like electronic locks, thermostats, ovens, sprinklers, lights and motion sensors are networked and set up to be controlled remotely. The researchers told SmartThings about these issues in December 2015 and the company is working on fixes. The researchers rechecked a few weeks ago if a lock's PIN code could still be snooped and reprogrammed by a potential hacker, and it still could.
ABOUT THE PROFESSOR
Atul Prakash is a Professor of Electrical Engineering and Computer Science. His research interests are security policy management, software infrastructure to support collaborative work, privacy in pervasive computing, intrusion detection, group security, operating system security, and scientific collaboratories.