smart home devices

Smart homes are in fashion these days. Most smart homes are quite secure. However, some of them have security flaws. In fact, researchers Jason Wheeler and Chase Dardaman tested one of Zipato smart home devices. They published a research yesterday, in which they stated that there are three big security flaws in the Zipato smart homes. These can be put together to make a smart lock for the front door.

There has been intense inspection and talks about smart home technology in the past few years. It is convenient for some people. However, adding an internet connection to the device can create problems. This makes the device even less secure than traditional devices. The smart home hubs, which control the smart home devices, can be abused by the Landlord to enter a renter’s home any time he likes.

Recently, security expert Lesley Carhart wrote a featured article in which she mentioned that her landlord decided to install smart locks in the home. Due to this, she had to look for a new home. This shows that proprietors usually pressurize the tenants and renters and install smart home devices.

Dardaman and Wheeler looked into ZipaMicro a few months ago. The Croatian firm Zipato has made these smart home hubs. The researchers revealed their findings after the Company had fixed the flaws. They found out during their research that they could get the hub’s private key for ‘root’ (a user account with the highest level of access). You could extract it from the memory card and use on the device. Wheeler said that anyone could use the private key to unlock a device. He wouldn’t need a password. The researchers also found out that there is a private SSH key in every hub, sold to customers. So, hackers could hack into any smart home.

The researchers used the private key to download a file from the device, which contained shuffled passwords. The smart hub uses an authentication system for entry. However, it doesn’t require the owner’s real password; even the shuffled password would work. Due to this, the researchers could trick the device into thinking that they are the real owners of the house. Now, all a hacker had to do was to write a few simple commands to tell the door to open or close. The researchers built a few lines of code to unlock the front door easily.

The flaws of the security system don’t end here. Dardaman also found that an apartment building connected to one main account would allow the hackers to unlock any apartment building door, with the same password. However, researchers said that not everything would be easy for hackers. The hackers need to be on the same Wi-Fi Network as the smart hub, to hack it. They further found that hackers could exploit any hub, connected to Wi-Fi. The researchers found five vulnerable devices, with the help of Shodan. It is a search engine for public databases and devices.

According to Zipato, it has over 112,000 devices in 20,000 houses. Nevertheless, no one knows the exact number of vulnerable hubs. SmartRent, which is a Zipato customer, said that the vulnerable technology would affect less than 5% of the homes. SmartRent also said that there were over 20,000 installations in February.

The researchers took their research to Zipato and the firm overcame all the shortcomings within a few weeks. According to Zipato’s chief Executive, Sebastian Popovic, every smart hub now comes with a unique private key and some other security enhancements. Zipato has also ended its ZipaMicro hub.

Smart home tech won’t go away, in the near future. A recent report from IDC predicts that people will buy around 832 million smart home devices in 2019. Though, researchers and hackers will continue to find flaws in smart homes. Dardaman said, “We want people to know that this tech isn’t perfect. It has its own shortcomings and risks. Sometimes, it is even less secure than the traditional security system.”