ABC News’ Neal Karlinsky reports:
Smart homes, with their apps and websites that let you control your home from afar, may be the wave of the future, but are they safe?
Thomas Hatley of Dallas, Ore., found out the hard way that the same technology that lets him remotely turn on the lights and TV in his home could also be making it that much easier for intruders to access his home.
Hatley’s smart home network was hacked into by Kashmir Hill, a reporter for Forbes magazine, who, from her home in San Francisco, was able to turn on and off the lights in the master bedroom of Hatley’s Oregon home.
“All I had to do was type a very simple phrase into a search engine and then it gave me a list of houses that were using this product,” Hill wrote, referring to Insteon, the company that makes the automation system Hatley used to control his home’s lights, fans, televisions and other devices from a smartphone app or via the Web.
“Sensitive information was revealed,” Hill wrote in Forbes last month about her experience being able to hack into Hatley’s home and seven others. “Not just what appliances and devices people had, but their time zone (along with the closest major city to their home), IP addresses and even the name of a child; apparently, the parents wanted the ability to pull the plug on his television from afar.”
The problem, according to Hill, is that the smart home system does not have password protection by default. That gap allowed Hill, in theory, to “turn these people’s homes into haunted houses, energy-consumption nightmares, or even robbery targets,” she wrote.
“It doesn’t take a lot of specialized knowledge, and I think that’s the scariest thing,” security expert Chad Thunberg told ABC News.
The CIO of Insteon, Mike Nunes, told Hill that the systems she accessed online were from a product discontinued within the last year. He also blamed user error, according to Hill, and told her the devices “come with an instruction manual telling users how to put the devices online which strongly advised them to add a username and password to the system,” Hill wrote.
Security experts say smart home users like Hatley often make the mistake of either using no password at all or keeping the factory default password, both of which are easy to circumvent.
Experts also recommend that smart home users put a secure firewall on their home network as an extra layer of protection.