【Secretive Boarding House】

It seems that some homes may be Secretive Boarding Housetoo smart for their own good.

On Monday, March 5, researchers at the San Francisco RSA conference presented to an assembled crowd of journalists and cybersecurity experts an unexpected approach for hacking into the device-enabled homes of the modern day George and Lydia Hadley.

Notably, they explained, it's not solely our internet of things that includes cameras and refrigerators we need to worry about. Instead, as people add more and more smart devices to their lives we also need to pay attention to the systems managing the interactionsbetween those tools.

Sounds fun, right?

At the core of this vulnerability is what the two Trend Micro senior threat researchers, Stephen Hilt and Numaan Huq, call "complex IoT environments" (CIE). In a corresponding paper detailing the threat, they define such an environment as typically (but not exclusively) a smart home with ten or more IoT devices linked up to one another. It's how these smart gadgets interact, via a so-called IoT automation platform, that's the problem.

SEE ALSO: Helen Mirren at RSA security conference: You're heroes who 'patrol a vast untamed wasteland'

Imagine setting up your smart doorbell to tell your smart lights to turn on when it detects a predetermined amount of outside light. Your automation platform would be the connective tissue wrapping those two services together.

"An IoT automation platform serves as a brain of sorts for the CIE and allows the creation of smart applications by functionally chaining the devices through custom rules, thus allowing devices to interact and affect each other’s actions," reads an accompanying Trend Micro blog post.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Original image has been replaced. Credit: Mashable

If these brains can be accessed — and it turns out that many of them can be — then the entire system can be exploited. Examples provided by the researchers were chilling.

Say you set up your smart home to send you a photo, via Slack, every time your outside camera detected movement. Great, right? Well, maybe. Because, if attackers can gain access to the platform facilitating this communication between the camera and Slack, then they can intercept that image and functionally get push notification photos for your house.

"As you’re adding more and more stuff, the attack vector […] is steadily increasing,” Hilt told the crowd.

Or how about a program that, upon detecting your smartphone has joined the home Wi-Fi network, unlocks the front door smart lock. This is super futuristic and fun, until a hacker tricks the program into recognizing her phone as well and then walks into your house while you're at the beach contemplating how much easier life has been made by your networked smart home.

Original image has been replaced. Credit: Mashable

Frustratingly, according to Hilt and Huq, there are plenty of exposed IoT automation servers that can be quickly and easily found via the IoT search engine Shodan. A slide shared during the presentation noted that the researchers had discovered thousands.

What's more, these servers sometimes give specific latitude and longitude data for the house in question. This means that not only could a bad actor control a smart home online, but they could find it in real life. In one troubling example, the researchers noted that they located an exposed smart home system belonging to a house that just so happened to be quite close to their physical location.

So what does this mean for you? It means you need to pay attention to not only the security of your smart bulbs, but to the security of the system that ties them to your IoT-connected washing machine as well.

Because as we continue to add more networked devices to our homes, the under-explored problems that come with the resulting complexity are increasingly likely to rear their ugly heads.

---

Featured Video For You

---

The hidden cost of a conveniently connected world

---

Topics Cybersecurity

• Science
• Deals
• Shopping
• Social Good
• Games
• Life
• Entertainment
• Digital Culture

• Contingent No More
• Is it 'Thunderbolts*' or *The New Avengers'?
• Best iPad deal: Save $132 on Apple iPad (10th Gen)
• Operation Mensch
• This fat bear's before and after photos are stunning
• 'The Last of Us' Season 2, episode 4: Why Ellie sings 'Take on Me'
• Amazon Pet Day: All the best deals
• Episode 4: The Wave of the Future
• Today's Hurdle hints and answers for May 12, 2025
• Best Max streaming deal: Save 20% on annual subscriptions

• College girls use 56 boxes of mac and cheese as a bath bomb and we don't know why
• EP of new Hulu show says 'Harlots' were like 'the Kardashians of their day'
• China's Oppo under fire in India after an executive allegedly disrespected national flag
• Sorry, Lyft, but being less awful than Uber doesn't make you 'woke'
• China just registered 14 million people that never officially existed before
• These new educational apps will help Syrian refugee kids learn and play
• These terrible photos might explain why Donald Trump rejected an offer to throw a first pitch
• Bunch of people dressed as Albert Einstein break very important world record
• This footballer's speech about losing his wife is utterly heartbreaking
• The Mexico Tourism Board made a cloud that rains tequila and we're booking our flights now

• I'm a college professor. My advice to young people who feel hooked on tech
• Best Sony headphones deal: Over $100 off Sony XM5 headphones
• Hidden Siri Commands and Unusual Responses
• Episode 4: The Wave of the Future
• Best headphones deal: Save up to 51% on Beats at Amazon
• Best Max streaming deal: Save 20% on annual subscriptions
• I'm a college professor. My advice to young people who feel hooked on tech
• Mary Shows Up
• Watch how an old Venus spacecraft tumbled before crashing to Earth
• Sony launches new flagship XM6 headphones: Order them now

• Skype is finally shutting down
• The Best Gaming Concept Art of 2016
• Boeing's new VR simulator immerses astronauts in space training
• Virtual Reality: The True Cost of Admission (and Why It Doesn't Matter)
• This is the fattest of the extremely fat bears
• The Baffler’s May Day Round Up
• The Anatomy of Liberal Melancholy
• Ryzen 5 1600X vs. 1600: Which should you buy?
• Waymo data shows humans are terrible drivers compared to AI
• The cicadas aren't invading the U.S.