smart home lock

Major Security Vulnerabilities in Smart Home Devices Could Allow Hackers to Unlock Doors

A now-discontinued smart home hub had flaws that allowed researchers to hack into the device without even knowing the plain-text password put in place by the owner.

Confirming the worst fears of homeowners everywhere, two security researchers have discovered several vulnerabilities in a recently discontinued smart-home hub, including the ability to unlock front doors remotely using SSH keys.

In research published Tuesday, Chase Dardaman and Jason Wheeler detail how they were able to exploit three major security flaws in a smart home hub called ZipaMacro. The pair did not publish their findings until the issues were fixed by Zipato, the firm that sells the hub.

The vulnerabilities, first reported by TechCrunch, included the ability to extract the hub’s private SSH key from the memory card on the hub. Wheeler was able to get a hold of the “root” key — the account with the highest level of access that allows anyone to access a device without needing a password.

The researchers later found that the private SSH key was coded into every smart hub sold to customers, putting everyone who owned the product at risk of being hacked, according to TechCrunch.

Using the key, they were able to download a file from the device containing scrambled passwords to the hub. As they tried to access the hub, they realized that the product used a “pass-the-hash” authentication system, TechCrunch reported. This system doesn’t require a specific plain-text password — just the scrambled version.

In turn, Wheeler and Dardaman could take the scrambled password and use it to unlock the smart hub, effectively getting around the security measures put in place by Zipato. A savvy attacker could do the same, easily locking and unlocking doors using a simple script sending a command to the smart hub.

After reviewing the research, Kevin Bocek, vice president of security strategy and threat intelligence at machine identity protection provider Venafi, called smart home controllers using the same hardcoded SSH identity a “massive security risk.”

“In this case, an attacker with access to the scrambled version of the SSH key instantly gets access to every device; it’s like winning an exploit jackpot,” Bocek said. “It can literally provide attackers with the ability to unlock your home.”

Hacking into the hub would require an attacker to be on the same WiFi network as the device, the researchers found. However, any devices connected directly to the internet would have been vulnerable to attacks.

Zipato fixed the flaws within a few weeks of learning of them from the researchers and has since discontinued the product in favor of newer products, TechCrunch reported. But the vulnerabilities are still concerning given the popularity of smart home devices around the world. Nearly 36 million such devices will be sold in the United States alone in 2019, according to an estimate from Statista.

Bocek said most organizations do not understand the risks connected with SSH keys, leading them to make mistakes that they then have to scramble to fix.

“We’ve seen the same kinds of problems in the Emergency Response system in the U.S. and we know that one in four Amazon clouds has a backdoor with SSH keys,” Bocek said. “The scale of this problem is enormous; every IoT device, cloud service and container has a key that cyber attackers are more than willing to exploit.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

Featured Cybersecurity

Webinars

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3