News and Reviews....
Home Automation HACKED August 2011
By Bob Lieto
In trying to accommodate all our customers requests, grow within the industry's direction, stay current and in business, Custom Audio-Video Systems has been swept into the convergence of AV (Audio - Video) and IT (Information Technology) like all other businesses and elements of today's world. We remember back when AV had its' niche and IT had its' niche and the two were very separate. It was not to long ago.
The Internet changes all that and it has not been the same since or will it ever go back again. But I remember my first ping of wheeziness when I connected my first AV component to the Network. That sense of "uncontrolled" release of design, codes of logic and command into the great unknown.....The Internet. My fears were that the orderly commands and macros to allow precise control of our systems now became susceptible to a different facet of logic... the non-logic of a HACKER. My fears have been met, when I read an industry article today
It seems that two researchers at DefCon in Las Vegas showed how they could hack into an automation system that took advantage of power line carrier technology. Not the Internet access per se, as suspected, but I will get to that a little farther down in the text. Power line carrier is the format of X10 and Z-wave systems. The hackers showed how using a sniffer device connected to the broadband network via an electrical outlet, they could manipulate 15 different neighbor's lights, HVAC and SECURITY systems. All communicated via the power line and those signals are NOT encrypted. Keep in mind that this was not accomplished within the facility hacked, but from another home located within the area. Although, it could have been as close as from an outdoor AC outlet at the premises.
The hackers also showed how they were able to track the MOVEMENTS of 15 neighbor's with automation systems inside their homes via their motion sensors and cameras, as well as jam signals for lights and alarms. Whoa !! The hackers spent two months researching and designing their open source tools to conduct the hacks. They focused on X10 because the protocol "does not support encryption" and able to hack Z-Wave because the devices they looked at did not have the encryption incorporated properly.
The hacking tools are being released to the public as the x10 Sniffer and the x10 Blackout, which jams signals to interfere with the operation of lights, alarms, security cameras and other devices.
On another note, a German computer engineer has claimed to have decipher the code used to encrypt most of the world's Internet traffic and that he plans to publish a guide to prompt global operators to improve their signals. Karsten Nohl published the algorithms used by mobile operators to encrypt voice conversations on DIGITAL phone networks. he and a colleague intercepted and decrypted wireless data using an inexpensive, modified 7 year old Motorola cell phone and several free software applications. They intercepted and decrypted data traffic in a five-kilometer, or 3.1 mile radius. This puts the APP (application) generation at risk and all that they yearn to control.
Comment ..... My first "old school" fears seem to have surfaced. Custom Audio-Video will always try to keep as much control information, hardwired. It is a better way of control, and using wireless is kept to a minimum, unless the wireless is an RF encoded signal. This does not mean that your system is immune after reading the hacking articles, I have concluded that all systems that transfer any data via network whether that is by the front door or back door of the system, which are the folks that love their iPads and iPhone access could be held captive by forces well outside their home and control. This could make for an Intermittent Problem that could take a long time to correct and only after a serious and clever trouble-shooter spends a large amount of time to solve the cause. Even though the trouble-shooter might not, at that time be able to correct the cause without great changes to system software and hardware.
Back to Square One.
Update ..... August 12, 2011
As reported by CEPro: Home Automation pioneer X10 will no longer make powerline-based products for controlling lights, thermostats and other devices with the company stating it had nothing to do with Black Hat hacking scandal. X10 is shutting down and it appears the company is headed into receivership. The protocol created in the 1070s interestingly coincides with the high-profile report from Black Hat that it could be hacked but the company insisted that it had nothing to do with its closure. More likely, the company faced competition from newer home control technologies such as Z-Wave (RF) and Universal Powerline Bus. being the low cost provider, X10 became hobbled from higher wages in China, where it is manufactured.
Update ..... July 18, 2014
As reported by Security Today, Hacked light bulbs can reveal your Wi-Fi Password. One of the newest crazes is to control the color and level of your lighting by smart phone. Yes you can dim your living room lighting, close the garage door, let the housekeeper into your residence, turn off water if there is a leak all while keeping an eye on your property. But with smart technology comes risk or RISK. The latest involves LED light bulbs that can be hacked to change lighting and reveal your Wi-Fi password. The new bulbs operate on the 802.15.4 6 LoPAN wireless mesh network, the same base standard used by Zigbee. For the homeowner they work just like regular light bulbs by screwing into a socket, but with LIFX, the homeowner can also control them from a downloadable smartphone app. A research company known as Context Information Security found that "LIFX" mesh network protocol was largely unencrypted which allowed them to crop messages to control the bulbs and replay packet payloads. By monitoring these packets, the researchers found that when a new bulb(s) are added, messages are transmitted from the master bulb containing WI-Fi details. All a hacker has to do is request these details from the master bulb because no alarms were raised within the system. Ultimately, researchers were able to identify what encryption code there was and inject packets into the network. LIFX has since released a firmware update to fix the problem, but non-updated users remain unprotected. Note: A hacker would have to be within 25 yards to make the hack successful.
Go Faster With WiFi June 2011
Moca Saves The Day March 2011
Cable Biz November 2007
Digital Cable, See It Now or Not May 2007
Cable in Reverse April 2004