From Pine View Farm

Digital Door Openers 0

If you are considering getting–or have already gotten–one of those web-based digital assistants and have all kinds of internet enabled gadgets and geegaws, you may want to think again. Two researchers at William and Mary have been investigating that stuff, and what they found is not reassuring. Here’s a bit:

For example, let’s say you want to change the temperature of your thermostat. You pull up your smart home app on your mobile phone and tell it to turn up the heat. The app will then write a change to the target temperature variable in the centralized data store. The thermostat device will subsequently receive an update from the data store and change its temperature accordingly. The system works because apps and devices are able to communicate by reading from or writing to variables in the centralized data store.

The problem, Nadkarni and Poshyvanyk explained, is that a data store-based system provides hackers the ability to access all devices in the home, from light switches to security alarms. An adversary can compromise one low-integrity product, like a sprinkler or a third-party lighting app, and modify a data store variable that another high-integrity product, such as a security alarm, depends on. This can have a whole host of unwanted consequences.

This example is particularly telling for us, as we just got a new heating system which includes precisely the sort of function described above.

We opted not to get the app. Dammit, we are not so lazy that we cannot walk upstairs and push a button, for Pete’s sake.

Remember, as manufacturers rush to push out new digital gadgets, security is always an afterthought.


Comments are closed.