Four policemen in uniform smile from the website. Below them is a picture of a house with a remote control. "Better home protection thanks to smart home" is the headline on the police union's prevention portal. The text claims that networked motion detectors, door contacts and glass sensors switch on exterior lights or an alarm system in the event of an incident. "If you have surveillance cameras integrated into your smart home system, you can also look in on your home anytime, anywhere." If shutters, lights and televisions were remotely controlled, it says, thieves would be deterred.
Sounds good. Too good. Not only because the police tip is labeled in small print as an advertisement and photos and devices from Telekom appear in the post, but also because the smart home, instead of deterring burglars, can make their work easier.
German security researchers have demonstrated the risks. All those networked devices can reveal when the residents are regularly away from home. No passwords even need to be cracked; statistical analysis of the encrypted data stream from the WLAN is sufficient. The Saarbrücken computer scientist Christoph Sorge was able to identify the signals of individual door sensors in the noise of the data. They reveal when residents come and go. "Technically, it's hard to prevent something like this so far," says Sorge, who has worked on smart home security in several research projects.
One in eight Germans already lives in an electronically networked home, more than a quarter are interested in one, and only one-fourth of the population rejects the idea categorically. This is what a representative survey by the Hamburg consultancy Splendid Research found. The technology is mainly used for consumer electronics, heating and lighting.
The good news: if all devices are connected by cable and all data is processed on site, the setup is largely safe. This also applies to remote control, as long as an encrypted direct connection (VPN) is used. The bad news: smart home technology often runs on cloud computers on the Internet. This simplifies operation via app and allows the manufacturers to record usage habits and to send updates to the devices. And integrating the widespread voice assistants from Amazon, Google, Microsoft or Apple ("Alexa, turn off the light in the bathroom") does not work without a cloud.
Although the data usually flows through the Internet encrypted, security holes open up again and again. The Bremen-based computer scientist Karsten Sohr has also discovered such entry points at major brands such as Ikea or Telekom. A Chinese low-cost manufacturer had dispensed with encryption entirely.
If networked alarm systems or digital door locks are part of an insecure smart home, computer-savvy burglars can walk in undisturbed. No case has yet been recorded in which this has actually happened, and Sohr says: "With a screwdriver, the front door is still levered open faster." But if an intruder succeeded with one smart home, hundreds of thousands of identical systems would also be open to him. That invites not only burglary and theft, but also espionage and vandalism. Looking into the nursery via a baby monitor, running the grinders of smart coffee machines until they overheat: the smart home would become a haunted house.
Incidentally, ex-partners are more likely perpetrators than anonymous hackers. It is mostly men who install smart home automation. After a separation, they can use it for stalking attacks. In the US, where the smart home density is twice as high as in this country, that has already happened: the ex-partner's lamps flickered, loud music blared from the stereo in the middle of the night, or the doorbell rang insistently though nobody stood outside. Of 30 such cases last year, the New York Times reports that "the victims of this new form of domestic violence often did not know how smart devices work and how to shut them down."
In Germany, too, ignorance is widespread. One in three smart home users in the Splendid survey could not even say whether their devices were networked via the power line, data cable or radio. No certification exists so far. Anyone bringing devices onto the EU market must prove that nobody is at risk of electrocution. IT security, on the other hand, is not an approval criterion.