How safe is your smart home?

Recent DDos attacks suggest not so much.
Listen11:28

The Smart Home sounds like a great idea. Control the heat so it's nice and toasty when you get home! Feed your pet remotely when you're stuck at work!

But is the smart home an unsafe home? The recent DDoS attack that temporarily downed popular websites relied on connected household devices like DVRs. Now, new research shows that smart light bulbs may be vulnerable to hacking.

Colin O'Flynn is a PhD student at Dalhousie University in Halifax. Along with fellow researchers in Israel, he made Philips Hue smart light bulbs install a phony firmware update. From there, O'Flynn was able to control the lights remotely. "This meant that you could reprogram them to do anything you wanted," O'Flynn says. "I could load software on them that just made them completely non-responsive, or made them blink really fast like a strobe light."

A PhD student in computer science at Dalhousie University explains how he and his fellow researchers hacked into Phillips Hue smart light bulbs. 4:59

Philips has corrected this vulnerability, but it raises broader questions about the security of smart home devices.

AtulPrakash is a computer science professor at the University of Michigan. He specializes in computer security. "I would be cautious, overall," Prakash advises. "The technology is relatively new. Hardware is probably a little bit ahead of the software at this point, and a lot of vulnerabilities we are seeing are primarily on the software side of things." The software on smart devices gets compromised, he explains. "That's what caused the Denial of Service attack."

Despite these concerns, there's a push to popularize the smart, connected home. Smart speakers from Google and Amazon, and Apple's HomeKit system aim to streamline control of those smart devices, bringing them under a central hub. "They are good companies behind these products...with a lot of expertise, but nevertheless it's an active area of research to find security flaws," says Prakash.

Google Home acts as a hub for your connected devices. (madeby.google.com)

For smart speakers, one risk is that malicious audio could compromise the system. Recent work has shown that this may be a problem in the future. "So essentially you could have...what looks like noise to a human ear, but is actually interpreted as commands," Prakash says. "So there could be something in the background, or somebody else in the background that could play some audio but instruct your [speaker] to act in ways that you didn't expect."

Computer security expert Atul Prakash on why the smart home is beset by all kinds of security problems. 6:29

Part of the reason we've been thinking about the smart home is that there's such a push now to bring the connected home together with smart speakers like Amazon Echo, or Google Home. The idea is that you can not only ask it questions, or control your streaming music service, but that it works with a number of connected devices, like the Nest thermostat for instance.

It got Spark senior producer Michelle Parise thinking about praising...the stupid home.

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.