How Secure Is the Modern Smart Home? We Ask a Professional
Founder and principal security researcher of a newly launched firm called Red Mesa, Drew Porter has his eye on the future of home crime. Porter imagines a world where pocket-size devices can turn of entire smart homes, reducing them to useless "bricks" of dead electronics. Alarmingly, Porter has successfully implemented just such a device—a $400 radio transmitter that can shut down tens of thousands of dollars’ worth of networked home devices—and he spoke to Dwell about the frightening implications.
What drew you to study these new security threats targeting smart homes?
My current research looks at vulnerabilities in connected houses and the Internet of Things, and how those vulnerabilities can be used against you. This actually started by accident when I was fooling around in my house with an older system I’d developed. Its purpose was to intercept cellular signals. I was standing particularly close to my home alarm panel at the time, and I saw that the panel not only restarted, it also jumped onto the cellular network I was running. In other words, I had intercepted my own alarm system—and that defnitely should not have happened!
What could a criminal do with that device?
At the very minimum, they could intercept an alarm’s signals and then block it from reporting out.
Now, the point of this research is not to enable people to break into other people’s houses, obviously; it’s to make sure that people are aware that these types of things can happen if they have everything interconnected and if security has not been considered in a detailed manner.
Has this changed how you live or how you secure your own house?
My wife and I recently bought a house, and we had the option of selecting the "smart home" setup. My wife was actually in disbelief when I said yes to it, because she’s seen my research. But now we own a smart house.
This is funny because I started looking into all this again, a few months ago, and discovered the complete owning of home-security systems. This is a no-bar, everything-gets-owned compromise. Other researchers and I have made radio devices that fit in your pocket and can bypass all major home-security systems. Some specifically target ZigBee systems. Your wall switches and alarms probably have ZigBee systems in them; your toaster, refrigerator, washer and dryer— they all can have ZigBee systems in them. All of those are vulnerable.
That $20,000 smart-home upgrade you just paid for? It can now be nullified for about $400—which is a little depressing! Worse, it’s not like you can just turn the house back on; I haven’t found a way to reverse it yet. It’s completely bricked. All your smart lights, all your wall switches, your security alarm— they become inoperable and you have to replace them.
How does it work?
Well, I can’t give away many details yet—I’m presenting this research at the end of the year—but it operates through a software-defined radio. A conservative estimate would say that this device can be effective three or more blocks away from its target. That’s a guaranteed hit right there.