Hacking home automated systems is on the rise.

Hacking the grid took on new meaning at the DefCon hacker conference on Friday when two independent security researchers demonstrated two tools they designed to hack home and business automation and security systems that operate though power lines.

The automation systems let users control a multitude of devices, such as lights, electronic locks, heating and air conditioning systems, and security alarms and cameras. The systems operate on Ethernet networks that communicate over the existing power lines in a house or office building, sending signals back and forth to control devices.

The problem is that all of these signals are sent unencrypted, and the systems don’t require devices connected to them to be authenticated. This means that someone can connect a sniffer device to the broadband power network through an electrical outlet and sniff the signals to gather intelligence about what’s going on in a building where the systems are installed – such as monitor the movements of people in houses where security systems with motion sensors are enabled. They can also send commands through the network to control devices that are connected to it — for example, to turn lights on or off or to disable alarms and security cameras.

“None of the manufacturers have implemented really any security whatsoever on these devices,” said Dave Kennedy, one of the researchers. “It’s such an immature technology.”

Thieves could monitor a house to determine when the occupants are generally gone based on signals indicating when lights are turned off, doors and windows are closed and the alarm system is enabled. Then they could send out jamming signals from the tool to disable motion sensors and alarms before breaking into the house. They could also completely fry the system by overloading it with rapidfire commands, though Kennedy acknowledged that this could potentially cause a fire.


Link:
http://www.wired.com/threatlevel/2011/08/hacking-home-automation/