Heard of the Internet of Things? So have hackers.
The Nest Learning Thermostat is displayed at a Home Depot store on January 13, 2014 in San Rafael, California.
At Defcon, a hacker conference recently held in Las Vegas, the big theme was the "Internet of Things."
Etemadieh reaches into the bag and pulls out the Wink Hub. It's a device that allows you to connect all kinds of smart devices to the hub, and control them from your phone.
“You can have light bulbs, thermostats, motion sensors,” Etemadieh says.
Pretty cool, right? Except Etemadieh isn’t showing me how it works, he’s showing me how to hack into it. He places a smart lock on the table; it's the kind you might find on a front door. He says if he can hop onto your WiFi, he can break into the hub.
“If I tell it true,” he says as he's typing in the command on his computer, “it’ll lock the door.”
Tell the computer “false,” and it unlocks.
The hacker community is shining a spotlight on the Internet of Things because they say a lot of manufacturers aren’t taking really basic steps to secure their smart devices from other hackers.
Mark Stanislav is with Duo Security. He says if hackers can break into one smart thing in your home, they can potentially go after every other smart device. He also says many companies are ignoring that risk.
“The type of company we see in the 'Internet of Things' right now is a company that’s crowdfunded or maybe one that’s Kickstarter-ing,” Stanislav said. “So, [they] really don’t have any money for security testing.”
Big manufacturers that can afford to take cybersecurity measures are often lax, too, says Cameron Camp, a security researcher at ESET. He says cybersecurity can add an extra layer of work that risks turning off consumers.
“It’s in the middle of the night, and you get up to get a snack, now you have to type in a password,” says Camp.
There’s also the fact that in consumer electronics, it’s all about getting your TV or refrigerator to market first. Cybersecurity adds time.
The hackers at Defcon say manufacturers are going to have to take that time once consumers find out just how vulnerable they are.