Home Smart Home – What Your Thermostat Knows

New technologies that allow users to control important home devices, such as appliances and security systems, from their phones also give creative hackers plenty of opportunity to hijack and glean information from these "smart" devices. It sounds like the plot of a science fiction movie (and in fact, it has been) but these devices have surprisingly few security features and can give over a shocking amount of information and control to those who might wish to do their users harm.

Good-guy hackers have proven again and again that they can hack into smart devices. Not only are they playfully scaring users by becoming digital poltergeists, but on a more serious note, they have found that they could orchestrate break-ins and harvest valuable personal data.

One security company investigated smart home thermostats and found that they were, in fact, hackable. The hackers found that they could peek into users' web history, the times when they were and were not home, and other crucial information that you wouldn't want a hacker to know.

A thermostat-based security breach is unlikely since the hacker would have to have to physically enter the building and hook up to the thermostat with a USB cable-unless you bought it secondhand.

However, that doesn't mean that there aren't other dangers when all your most important items can connect to WiFi. This trend of internet-connected appliances, known as the Internet of Things, gives hackers multiple routes into your personal life, and they've definitely made use of that ability.

Hackers can already breach camera systems, smart TVs and baby monitors. It may not seem like much of a threat, but it has led to nude images of innocent people being leaked online. Smart meters in Spain have fallen victim to electricity blackouts and billing fraud. One woman found that she had the ability to control all the utilities in the houses of eight strangers, opening them up to poltergeist-like activity and break-ins. Luckily, she decided to alert the company and the device owners to the security problems instead.

Many of these vulnerabilities are impossible to fix because they were built right into the device when developers and engineers neglected to think about cybersecurity. That means that without altering the router they use to connect to the internet, they are completely unprotected from hackers.

So what are the security experts at these companies doing? The creators who make these smart devices are only taking into account the accusations of data harvesting and surveillance they might face. Right now, companies avoid the accusation that they are collecting personal data via devices by using only server-side privacy measures to protect users. It's well-meaning, but incomplete. It leaves the device itself totally open to tampering.

Some will argue that smart device security is unnecessary, since smart homes are unlikely targets for hackers compared to large databases of personal information, but that doesn't mean hackers aren't going to try to succeed. As addressed above, they already have. The devices may not hold large stores of information like the more common targets of bank or hospital databases, but they are a prime target for hackers or stalkers who want to infiltrate the home and life of a particular person. Celebrities and public figures will be particularly vulnerable, and the danger will only increase further once smart home devices become more mainstream.

However, there is another, more present danger. Smart devices will help hackers become more successful at hacking other targets. A common tactic of hackers is to add malicious code to a website that will invite itself into your device and invisibly enslave it to work for a "botnet," which is a connected network of devices all working to hack something else. Internet of Things devices would be a perfect target, since they're seldom disconnected from the internet and their security is rarely considered.

There's nothing wrong with using smart home technology to help users manage their homes and their lives more efficiently, but it is irresponsible of companies to leave such a gaping security flaw in their products, and their consumers deserve to be aware of the true hacking dangers of the products they're buying and bringing into their homes.