Smart-home hubs vulnerable to privacy risks
Researchers at the University of Georgia say they developed a system that can successfully disclose the cyber activity of a variety of smart hubs almost 90% of the time, making users vulnerable to hackers. The system, called ChatterHub, passively eavesdrops on encrypted network traffic from the hub and leverages machine learning techniques to classify events and states of smart-home devices.
“The good thing is all traffic to and from a smart home hub is encrypted,” says Kyu Lee, lead author of a study on the research and an associate professor in the Franklin College of Arts and Sciences. Lee is also the associate director of UGA’s Institute of Cybersecurity and Privacy. “The bad thing is that we were able to use machine learning technology to figure out what much of the activity is without even having to decrypt the information.”
ChatterHub doesn’t have to be physically close to the system it’s hacking. And the hacker doesn’t need any prior knowledge of the types of smart devices or the maker of the hub to break into the system remotely.
Smart hubs send packets of information to and from individual devices, for example enabling users to flick on some music through an app or to check their Ring camera when they’re out and get a delivery. Those information packets are encrypted, meaning an outsider can’t know exactly what’s said in them.
“For example, when a smart home lock is locked, it sends a packet to the hub, and the smart home hub passes that onto the server,” says Lee. “We cannot see the actual information that the lock has locked, but using the patterns, the size of the packet and the timing of the packet, we can figure that information out with very high accuracy.”
Even though the information is encrypted, say the researchers, attackers can still make use of it. For example, they can figure out daily patterns of homeowners and determine whether someone is home at a given time, leaving the homeowner vulnerable to a break-in.
Perhaps more concerningly, they can inject their own random packet into the information going to and from the hub.
“If we inject some garbage packet in the patterns we figured out from the machine learning programs,” says Lee, “that packet will be delivered to the smart lock and potentially make it malfunction. So that can actually prevent the homeowner from locking their door.”
If the criminals are smart, say the researchers, the homeowner probably won’t even know their door isn’t locked since the app will say it’s correctly locked, just like usual. Cybercriminals can use a similar tactic to drain the batteries in smart devices by bombarding the hub with useless packets. But this strategy runs the risk of the smart home hub alerting the homeowner to a low battery.
Solutions to these issues, say the researchers, will need to come from Samsung, Amazon and other smart home hub giants. The manufacturers could use techniques known as packet padding, which entails making the packets sent back and forth from the hub all the same length. That would make it impractical for hackers to determine which packets do what, preventing them from, say, determining which ones are connected to the door lock, for example.
Another option for the tech companies is implementing random sequence injection, where the hubs send out irregular and meaningless packets to the network. That makes it harder to detect which packets contain useful information.
In their study, the researchers showed that using these techniques together successfully hides the unique network patterns generated by smart devices, making it difficult — if not impossible — for hackers to crack those codes. Until the companies implement such strategies, though, say the researchers, users can take some easy steps to make their network more secure.
For example, users should make sure the firewall in their router is turned on, as keeping hackers out of the router is key. Once they’re in, cybercriminals can monitor all the network packets in a home and can easily figure out smart device habits.
Also, say the researchers, users should change the passwords on their individual smart toys. Keeping devices safe is as easy as picking different difficult-to-hack passwords for each one. But many people use an iteration of ABC123 or other easy to remember ones, leaving them vulnerable to cyberattacks.
“We say in the cybersecurity world that human is the weakest link,” says Lee.
For more, see “Privacy invasion via smart-home hub in personal area networks.”