smart home lock

Major Security Vulnerabilities in Smart Home Devices Could Allow Hackers to Unlock Doors

A now-discontinued smart home hub had flaws that allowed researchers to hack into the device without even knowing the plain-text password put in place by the owner.

Confirming the worst fears of homeowners everywhere, two security researchers have discovered several vulnerabilities in a recently discontinued smart-home hub, including the ability to unlock front doors remotely using SSH keys.

In research published Tuesday, Chase Dardaman and Jason Wheeler detail how they were able to exploit three major security flaws in a smart home hub called ZipaMacro. The pair did not publish their findings until the issues were fixed by Zipato, the firm that sells the hub.

The vulnerabilities, first reported by TechCrunch, included the ability to extract the hub’s private SSH key from the memory card on the hub. Wheeler was able to get a hold of the “root” key — the account with the highest level of access that allows anyone to access a device without needing a password.

The researchers later found that the private SSH key was coded into every smart hub sold to customers, putting everyone who owned the product at risk of being hacked, according to TechCrunch.

Using the key, they were able to download a file from the device containing scrambled passwords to the hub. As they tried to access the hub, they realized that the product used a “pass-the-hash” authentication system, TechCrunch reported. This system doesn’t require a specific plain-text password — just the scrambled version.

In turn, Wheeler and Dardaman could take the scrambled password and use it to unlock the smart hub, effectively getting around the security measures put in place by Zipato. A savvy attacker could do the same, easily locking and unlocking doors using a simple script sending a command to the smart hub.

After reviewing the research, Kevin Bocek, vice president of security strategy and threat intelligence at machine identity protection provider Venafi, called smart home controllers using the same hardcoded SSH identity a “massive security risk.”

“In this case, an attacker with access to the scrambled version of the SSH key instantly gets access to every device; it’s like winning an exploit jackpot,” Bocek said. “It can literally provide attackers with the ability to unlock your home.”

Hacking into the hub would require an attacker to be on the same WiFi network as the device, the researchers found. However, any devices connected directly to the internet would have been vulnerable to attacks.

Zipato fixed the flaws within a few weeks of learning of them from the researchers and has since discontinued the product in favor of newer products, TechCrunch reported. But the vulnerabilities are still concerning given the popularity of smart home devices around the world. Nearly 36 million such devices will be sold in the United States alone in 2019, according to an estimate from Statista.

Bocek said most organizations do not understand the risks connected with SSH keys, leading them to make mistakes that they then have to scramble to fix.

“We’ve seen the same kinds of problems in the Emergency Response system in the U.S. and we know that one in four Amazon clouds has a backdoor with SSH keys,” Bocek said. “The scale of this problem is enormous; every IoT device, cloud service and container has a key that cyber attackers are more than willing to exploit.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.