smart home lock

Major Security Vulnerabilities in Smart Home Devices Could Allow Hackers to Unlock Doors

A now-discontinued smart home hub had flaws that allowed researchers to hack into the device without even knowing the plain-text password put in place by the owner.

Confirming the worst fears of homeowners everywhere, two security researchers have discovered several vulnerabilities in a recently discontinued smart-home hub, including the ability to unlock front doors remotely using SSH keys.

In research published Tuesday, Chase Dardaman and Jason Wheeler detail how they were able to exploit three major security flaws in a smart home hub called ZipaMacro. The pair did not publish their findings until the issues were fixed by Zipato, the firm that sells the hub.

The vulnerabilities, first reported by TechCrunch, included the ability to extract the hub’s private SSH key from the memory card on the hub. Wheeler was able to get a hold of the “root” key — the account with the highest level of access that allows anyone to access a device without needing a password.

The researchers later found that the private SSH key was coded into every smart hub sold to customers, putting everyone who owned the product at risk of being hacked, according to TechCrunch.

Using the key, they were able to download a file from the device containing scrambled passwords to the hub. As they tried to access the hub, they realized that the product used a “pass-the-hash” authentication system, TechCrunch reported. This system doesn’t require a specific plain-text password — just the scrambled version.

In turn, Wheeler and Dardaman could take the scrambled password and use it to unlock the smart hub, effectively getting around the security measures put in place by Zipato. A savvy attacker could do the same, easily locking and unlocking doors using a simple script sending a command to the smart hub.

After reviewing the research, Kevin Bocek, vice president of security strategy and threat intelligence at machine identity protection provider Venafi, called smart home controllers using the same hardcoded SSH identity a “massive security risk.”

“In this case, an attacker with access to the scrambled version of the SSH key instantly gets access to every device; it’s like winning an exploit jackpot,” Bocek said. “It can literally provide attackers with the ability to unlock your home.”

Hacking into the hub would require an attacker to be on the same WiFi network as the device, the researchers found. However, any devices connected directly to the internet would have been vulnerable to attacks.

Zipato fixed the flaws within a few weeks of learning of them from the researchers and has since discontinued the product in favor of newer products, TechCrunch reported. But the vulnerabilities are still concerning given the popularity of smart home devices around the world. Nearly 36 million such devices will be sold in the United States alone in 2019, according to an estimate from Statista.

Bocek said most organizations do not understand the risks connected with SSH keys, leading them to make mistakes that they then have to scramble to fix.

“We’ve seen the same kinds of problems in the Emergency Response system in the U.S. and we know that one in four Amazon clouds has a backdoor with SSH keys,” Bocek said. “The scale of this problem is enormous; every IoT device, cloud service and container has a key that cyber attackers are more than willing to exploit.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
  • ISC West 2024 is a Rousing Success

    The 2024 ISC West security tradeshow marked a pivotal moment in the industry, showcasing cutting-edge technology and innovative solutions to address evolving security challenges. Exhibitors left the event with a profound sense of satisfaction, as they witnessed a high level of engagement from attendees and forged valuable connections with potential clients and partners. Read Now

    • Industry Events
    • ISC West
  • Live From ISC West: Day 2

    What a great show ISC West 2024 has been so far. The second day on Thursday was as busy or even more hectic than the first. Remember to keep tabs on our Live From ISC West page for news and updates from the show floor at the Sands Expo, because there’s more news coming out than anyone could be expected to keep track of. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

Webinars

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3