"Smart" House: Under the Threat of Hackers
In recent years, experts in the field of information technology constantly warn, and journalists dutifully replicate information about cyberthreats to military and vital civilian infrastructure facilities.
And indeed, when from all the news sources you read about information attacks planned by special services of unfriendly states, and Hollywood reinforces the sensations in such extra-realistic films as “Die Hard” 1-5, where cyber-terrorists using sophisticated programs hack FBI networks and start implementing a plan for destruction infrastructure of the USA - it becomes very uncomfortable.
It is clear that governments are beginning to think about possible risks and protect important institutions (=potential targets) in all possible ways. However, the state has little to do with ordinary citizens who, due to the explosive development of digital technologies, suddenly found themselves one on one with experienced hackers. "Smart houses" save electricity, monitor the safety of the house and people living in it, and even are able to prevent accidents. Most owners are satisfied with their home automation and consider such systems absolutely safe. Unfortunately, these systems are very vulnerable. Our "digital homes" are under threat!
As early as mid-2017, experts from BullGuard, an American anti-virus protection company, discovered a giant botnet for carrying out DoS attacks. The most surprising thing for them was not the size of the network, but what devices it was made of. Most of them were not computers, but intellectual technology from the “Smart House” systems. More than a million smart devices were infected. But after all, each of them could be used not only as a cell of a botnet, but also as an "entrance" to a smart house.
And in 2018, experts from the company Avast, which sells anti-virus protection packages of the Internet, recognized the fact that "smart houses" were defenseless before hacker infiltrations. In America, information from "smart homes" comes directly from recording devices: meters and sensors to databases - to processing centers. To transfer these not so important, but still confidential data in the US and many other countries, the Message Queuing Telemetry Transport (MQTT) protocol is used.
According to the Avast experts, the MQTT protocol itself is quite secure, but it is often incorrectly configured during installation. As a result, hackers can easily access the information system at home to find out whether the owners are at home or not, to reconfigure the entertainment systems in the house, to knock down the settings of "smart" home appliances (e.g. clock, stove, refrigerator, TV, etc.), remotely activate electric drives for locking doors and windows and so on.
In some cases, intruders manage to even track the location of the owners of the house, which becomes a blatant violation of the norms of non-interference in private life and the threat to the safety of the home.
Almost all elements of the smart house system can be hacked and become a source of leaks of important information, a gateway to robbers or part of a botnet. All this is extremely unpleasant and undesirable. Of course, there are simple security rules, such as: do not communicate with the smart home system through open social networks or using public Wi-Fi systems. However, rules like "wash your hands before eating" are too simple for modern sophisticated world and are effective only in a limited number of cases. "Smart houses" as well as "smart infrastructure facilities" require serious protection, combining software and hardware components.
The emerging threat always generates proposals for its elimination. Some Russian firms that offer platform solutions for cyber-protection of terminal smart devices, such as NTC “NAO-Pro”, have joined the competition with American firms such as Alert Logic and others with similar specialization. The question remains in whose systems will be more acceptable for the market of individual "smart" houses in terms of price-quality - Russian or American.