Forbes editor Kashmir Hill hacked into eight strangers’ “smart houses” to illustrate the risks facing the $1.5-billion home-automation industry:
“I can see all of the devices in your home and I think I can control them,” I said to Thomas Hatley, a complete stranger in Oregon who I had rudely awoken with an early phone call on a Thursday morning. He and his wife were still in bed. Expressing surprise, he asked me to try to turn the master bedroom lights on and off. Sitting in my living room in San Francisco, I flipped the light switch with a click, and resisted the Poltergeist-like temptation to turn the television on as well. “They just came on and now they’re off,” he said. “I’ll be darned.” …
Googling a very simple phrase led me to a list of “smart homes” that had done something rather stupid. The homes all have an automation system from Insteon that allows remote control of their lights, hot tubs, fans, televisions, water pumps, garage doors, cameras, and other devices, so that their owners can turn these things on and off with a smartphone app or via the Web. The dumb thing?
Their systems had been made crawl-able by search engines–meaning they show up in search results–and due to Insteon not requiring user names and passwords by default in a now-discontinued product, I was able to click on the links, giving me the ability to turn these people’s homes into haunted houses, energy-consumption nightmares, or even robbery targets. Opening a garage door could make a house ripe for actual physical intrusion.
Leslie Horn thinks it’s time to take action:
In this case, Forbes is just talking specifically about Insteon, which is (hopefully) unique in the depth and breadth of its vulnerability. But if the connected home is going to be less of a trend and more of the norm, the companies that handle these systems need to take a cue and lock things down.
Meanwhile, Meghan Neal asks if we shouldn’t just return to simpler times:
The attention being given to hacking the [Internet of Things] is good, as it’s key to fixing the flaws. But it makes you wonder if, instead of controlling our front doors with our easily-lost cell phones, maybe we’re better off with a good old deadbolt.