Black Hat Talks To Outline Attacks On Home Automation Systems 79
colinneagle writes "If you use the Z-Wave wireless protocol for home automation then you might prepare to have your warm, fuzzy, happiness bubble burst; there will be several presentations about attacking the automated house at the upcoming Las Vegas hackers' conferences Black Hat USA 2013 and Def Con 21. For example, CEDIA IT Task force member Bjorn Jensen said, 'Today, I could scan for open ports on the Web used by a known control system, find them, get in and wreak havoc on somebody's home. I could turn off lights, mess with HVAC systems, blow speakers, unlock doors, disarm alarm systems and worse.' Among other things, the hacking Z-Wave synopsis adds, 'Zigbee and Z-wave wireless communication protocols are the most common used RF technology in home automation systems...An open source implementation of the Z-wave protocol stack, openzwave, is available but it does not support the encryption part as of yet. Our talk will show how the Z-Wave protocol can be subjected to attacks.'"
Re:asking for trouble (Score:5, Interesting)
> For criminy's sake. TLS is *there*. It's *free*. Why the hell aren't these guys using it??
Quite a few embedded home automation devices are built around 8-bit MCUs like the Atmel AVR family. You'd be massively challenged to get even a minimal subset of TCP/IP working with a chip like the Microchip ENC28J60 ethernet controller and an Atmel Atmega 128. SSL/TLS? ROFLMAO. It's not happening. You could probably kludge something with more chips and sram, but by that point, you'd be better off throwing in the towel and buying a RPi board.
Pre-RPi, ARM boards with additional RAM were pretty expensive (at least $80-150), so a $10 AVR plus $15 Wiznet board represented a huge cost savings. Now that you can get a RPi for $30, it's kind of stupid to keep building controllers with 8-bit MCUs and ethernet-serial bridge boards... but a year ago, the RPi basically didn't exist, and even 6 months ago, it was pretty expensive once you factored in rape-level shipping charges to the US. Genuinely cheap ARM chips with external RAM are game-changing for anything that involves communication over the internet.
Re:Yup ... (Score:4, Interesting)
My energy company wants me to sign up for a smart thermostat where they can remotely change my temperature if they decide I should be using less energy -- and I sure as hell wouldn't want that.
And why is that?
Here's the deal: the world is adding a lot of homes and factories to the existing power grid, but they're not building a lot of new electrical plants. Nobody wants coal stacks near their house, nobody wants nuclear power in their back yard, nobody's going to dam another valley and kill a bunch of endangered owls, yet everyone in those new homes and factories still expect the lights to come on when they flip a switch. The grid is not only close to capacity, it's frequently at capacity. Instead of causing rolling blackouts, your power company probably buys supplemental peak electricity from factories and data centers that have large backup generators - but that emergency electricity costs anywhere from 10X - 50X the price of their existing plants, and burns expensive diesel fuel or natural gas.
The power companies would be happy to give you regular electricity at lower rates if they could charge you peak rates for consuming extra electricity during peak times. I say this because that's exactly what mine does. By agreeing to allow them to shut off the power to my heat pump for up to 40 minutes per hour during peak demand, I pay about $0.05/kWh for all the energy it uses year round. Without their demand sharing program, it would cost me at least $0.12/kWh no matter when I use it. Between me and the other members of my co-op signing up for this program, we have saved enough peak generating capacity to defer the construction of a new power plant by 10 years, so our overall rates have remained nice and low. I haven't seen an electricity price increase in 10 years. (Yes, electric co-ops are awesome and your giant energy conglomerate sucks.)
So what if the house gets a few degrees warmer on about 5 afternoons out of the year? Cooperation is worth it.
And regarding security, our load controller is a simple FM receiver that operates a relay. When it gets a "sharing request", it picks its own time window and shuts the pump to the compressor off for a random 40 minutes out of each hour. The thermostat is calling for cooling, the HVAC system is running the fans and it thinks it's turned the compressor on, but nothing cool actually happens. The relay is the only interface to my house, and it is wired directly into the compressor. There is no other interconnection with any home systems, no back channel through which a hacker could inject a rogue FM signal to unlock my doors, or disable my alarm system, or shut off my freezer and make my frozen foods all melty.