smart home lock

Major Security Vulnerabilities in Smart Home Devices Could Allow Hackers to Unlock Doors

A now-discontinued smart home hub had flaws that allowed researchers to hack into the device without even knowing the plain-text password put in place by the owner.

Confirming the worst fears of homeowners everywhere, two security researchers have discovered several vulnerabilities in a recently discontinued smart-home hub, including the ability to unlock front doors remotely using SSH keys.

In research published Tuesday, Chase Dardaman and Jason Wheeler detail how they were able to exploit three major security flaws in a smart home hub called ZipaMacro. The pair did not publish their findings until the issues were fixed by Zipato, the firm that sells the hub.

The vulnerabilities, first reported by TechCrunch, included the ability to extract the hub’s private SSH key from the memory card on the hub. Wheeler was able to get a hold of the “root” key — the account with the highest level of access that allows anyone to access a device without needing a password.

The researchers later found that the private SSH key was coded into every smart hub sold to customers, putting everyone who owned the product at risk of being hacked, according to TechCrunch.

Using the key, they were able to download a file from the device containing scrambled passwords to the hub. As they tried to access the hub, they realized that the product used a “pass-the-hash” authentication system, TechCrunch reported. This system doesn’t require a specific plain-text password — just the scrambled version.

In turn, Wheeler and Dardaman could take the scrambled password and use it to unlock the smart hub, effectively getting around the security measures put in place by Zipato. A savvy attacker could do the same, easily locking and unlocking doors using a simple script sending a command to the smart hub.

After reviewing the research, Kevin Bocek, vice president of security strategy and threat intelligence at machine identity protection provider Venafi, called smart home controllers using the same hardcoded SSH identity a “massive security risk.”

“In this case, an attacker with access to the scrambled version of the SSH key instantly gets access to every device; it’s like winning an exploit jackpot,” Bocek said. “It can literally provide attackers with the ability to unlock your home.”

Hacking into the hub would require an attacker to be on the same WiFi network as the device, the researchers found. However, any devices connected directly to the internet would have been vulnerable to attacks.

Zipato fixed the flaws within a few weeks of learning of them from the researchers and has since discontinued the product in favor of newer products, TechCrunch reported. But the vulnerabilities are still concerning given the popularity of smart home devices around the world. Nearly 36 million such devices will be sold in the United States alone in 2019, according to an estimate from Statista.

Bocek said most organizations do not understand the risks connected with SSH keys, leading them to make mistakes that they then have to scramble to fix.

“We’ve seen the same kinds of problems in the Emergency Response system in the U.S. and we know that one in four Amazon clouds has a backdoor with SSH keys,” Bocek said. “The scale of this problem is enormous; every IoT device, cloud service and container has a key that cyber attackers are more than willing to exploit.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Survey: Only 13 Percent of Research Institutions Are Prepared for AI

    A new survey commissioned by SHI International and Dell Technologies underscores the transformative potential of artificial intelligence (AI) while exposing significant gaps in preparedness at many research institutions. Read Now

  • Survey: 70 Percent of Organizations Have Established Dedicated SaaS Security Teams

    Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions. This was a key finding in the fourth Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities released today by the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Mobile Applications Are Empowering Security Personnel

    From real-time surveillance and access control management to remote monitoring and communications, a new generation of mobile applications is empowering security personnel to protect people and places. Mobile applications for physical security systems are emerging as indispensable tools to enhance safety. They also offer many features that are reshaping how modern security professionals approach their work. Read Now

Featured Cybersecurity

Webinars

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3