My Connected Home Has Been Hacked
Hacked. A Washing Machine? Seriously? How could someone had gotten through the firewall on my router to see the washing machine to hack it?
~ Written By Darren Baker
Last week I had dinner with a friend who works for Amazon who just purchased a new home in the Seattle area. Being that were both technologists, the topic turned to home networking. My friend told me in the top level of his house, he wasn’t getting a good Wi-Fi signal. He was looking at buying a new wireless router, but since there was nothing wrong with the one he had he just couldn’t bring himself to throw it away and purchase a new one. Eventually he told me the one he had was four years old, and he was just looking to reposition it in the house to get a better signal instead of buying a new one.
I also built a new house in the Seattle area in 2013. I was able to get my wife to agree that we would include Internet connected devices where possible, to try to make our lives easier. So far we have six Internet connected devices in the house and it’s starting to become a showcase for the Internet of Things. They are:
Internet Connected Garage Door Opener: This device lets us check the status of the garage door from our phone (I’m really bad about forgetting to close the garage door) without going to the lower level to open the door. It also sends us notifications to our phone when one of us comes home.
Internet Connected Refrigerator: This one has a 7 inch screen, runs apps that tell the weather, news, family events, music while cooking and we can update the shopping list whenever we run out of something.
Amazon Echo: One of Amazon’s fastest selling gadgets, Amazon Echo is a voice controlled search engine and virtual assistant. We use it mostly to play music from our Amazon Prime account, and the kids ask “Alexa” for daily jokes and help with their homework. There are additional gadgets that can connect to Amazon Echo and control your lights, thermostat and other internet connected devices.
Ring, the Internet Connected Door Bell: The ring doorbell has a motion sensor and camera and can ring your phone when someone pushes the button. You can answer the door when you are not at home, and start the video and speaker from the phone and talk to them. All the video is stored in the cloud, so you can reference it later if needed.
Internet Connected Robot Vacuum Cleaner: I purchased this to help around the house because we have two little kids and we are constantly vacuuming. It is programmable and can be activated from my phone and I can check the status or call it when needed.
Internet Connected Washer and Dryer: They have 5 inch touch screens and an app that lets you start them remotely or check the status from your phone. The touch screen is very nice because you can check the status of the washer or dryer at a glance and have a much finer control on the cycles than dials can provide. Since they are internet connected, they update the firmware over the internet automatically.
I haven’t been able to bring myself to install an internet connected keyless entry system on the house yet, and it’s a good thing too. What is the one thing that makes all these things work together? The internet router. Each one of these devices needs your router access point name and password. Here is the problem. If your ROUTER is compromised, so potentially are all your devices on it.
Last fall, we had an issue with our washing machine. The screen, which is run by a small computer inside running Android, starting displaying everything BACKWARDS. The screen functioned as though the screen was correct, meaning the buttons appeared on left side, but you had to push the right side of the screen to make it work. I thought it was a glitch and looked up on the internet to reset it to factory settings. All devices have a factory settings switch you can use a paperclip to reset right? Wrong. There is one on the refrigerator, but not on the washer. We put in a service call, since it was still under warranty, had an engineer come out to fix it.
The engineer told me he would have to replace the entire computer unit. There was no way to reset it to factory settings, and it is a good thing that it was still under warranty because to replace the control unit with a new one would have been very expensive. He said he had worked on a couple of these, but had never seen this happen, it was as though someone had hacked the control unit and didn’t or couldn’t put it back.
Hacked. A Washing Machine? Seriously?
How could someone had gotten through the firewall on my router to see the washing machine to hack it?
I started doing some research on how to bypass the security on a home router and was surprised by what I found. In September of 2015, Arstechnica.com reported that hackers had installed back doors in cisco routers. The rumor was that the routers were leaving the factory already compromised. It made me wonder, if this could happen to Cisco, who most of the internet runs on, what about other manufacturers? I discovered that a report was released in 2013 (the same year I bought my house) that most of the top internet routers had vulnerabilities that were easy to exploit. Even my trusted Netgear N Series router had a backdoor issue.
It turns out that most all home routers produced 2 or more years about had some security vulnerabilities, including open ports, that would allow someone on the same network (read on your ISP) to take full control of the router, even perform a reset, without the password. Many technical sites reported this issue, which continued to be an issue throughout 2015. While most of these issues have been patched in the updated firmware for the router, and new devices have been released with the fixes implemented, many people could still be running compromised devices. If you have an older router, make sure you have updated the firmware, and then test it for vulnerabilities. If your router fails at any point. It’s time to invest in a newer router. I did, and promptly loaded the latest firmware.
After testing all our internet connected devices, and resetting the access point name and password on all these devices, I think we are in the clear and can start enjoying our connected home again. I did mention to the wife that since the only other device that is always on is our home media center, I should probably rebuild it too and she agreed. I had been wanting to upgrade that thing for a while now. I was able to build a completely new Media Center with an Intel NUC.
Since the NSA published a map of the United States showing major cyber attacks in the United States, and since I and my friend from Amazon live in an area considered to be one of America’s industrial centers and have a 4+ year old router, I think I was able to convince him to spend the money to purchase a new one. Your home deserves technology updates too, if you haven’t updated your router in the last 3 years, it’s probably time.
To read the original blog please visit: http://labs.sogeti.com/my-connected-home-has-been-hacked/
- Sogeti UKMake an enquiry
0330 588 8200
Sogeti UKMake an enquiry
0330 588 8200