Author Topic: Black Hat Talks To Outline Attacks On Home Automation Systems  (Read 31369 times)


Offline guessed

  • Community Beta
  • Master Member
  • ******
  • Posts: 5301
  • Karma: +92/-22
  • Release compat is not a bolted-on afterthought
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #1 on: June 26, 2013, 03:07:07 pm »
Should we be worried?
It depends upon what you worry about...   I'm not concerned with people turning on/off my lights, I'd be more concerned with people breaking into the MiOS servers, and getting access with that path.

For that reason, anyone that's really worried:
a) probably isn't going to do HA; OR
b) will minimize the connected devices to their HA system; OR
c) will isolate the HA Network from their home Network (since, when hacked, MiOS will provide an effective gateway to everything on your Home Network)

Offline tedp

  • Sr. Member
  • ****
  • Posts: 288
  • Karma: +6/-2
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #2 on: June 26, 2013, 04:28:49 pm »
Agreed. I personally don't have any tie-ins to locks and alarm systems, but it seems that many Z-Wave users do allow access to locks and alarm systems which could be vulnerable even if the network aspect of the gateway is isolated.

Offline guessed

  • Community Beta
  • Master Member
  • ******
  • Posts: 5301
  • Karma: +92/-22
  • Release compat is not a bolted-on afterthought
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #3 on: June 26, 2013, 04:41:42 pm »
Someone wanting to physically break into the house will only be marginally put off by an Alarm system, and isn't likely to have the skills to run an electronic hack before they enter (for the average house)

Breaking into the house electronically, and getting access to unprotected Shared Files/Documents on the Home-LAN, is a wholly different class of thief... one that's probably not interested in coming physically near to you, and isn't at all worried about physical perimeter protections like Alarm systems.

In the latter case, they're much more interested in account details, passwords, financial information and/or SSNs (etc) they can get...

For this type of hacker, I'd guess that identity theft, rather than physical theft, is more profitable.


I always wonder how many people are assuming their home Networks are "safe", and so don't put in other controls to prevent one of the devices on the Home Network doing something "errant".  As we get more connected, this will become a lot larger problem (IMHO) than making the lights blink.

Offline guessed

  • Community Beta
  • Master Member
  • ******
  • Posts: 5301
  • Karma: +92/-22
  • Release compat is not a bolted-on afterthought
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #4 on: June 26, 2013, 04:56:21 pm »
... and to swing this back to a Vera-context, all it would take is to break into a cp.mios.com account.

Once you've done that, via say a URL-based Password cracker, you have access to the Vera unit.

From there, as has been discussed before, you can fire off a URL that'll cause Vera to open up an outbound/anonymous SSH tunnel to any machine on the Internet, and the hacker can now gain access to your whole-home Network.... poking around as much as they want.

... and that's the easiest example.


So I'd be more about asking when more security (like Account lockout, among others) will be implemented against cp.mios.com than the Z-Wave stuff.  But that's just my perspective   8)

Offline Da_JoJo

  • Hero Member
  • *****
  • Posts: 1380
  • Karma: +16/-78
  • If something aint work, we can allways try n make
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #5 on: June 26, 2013, 06:58:56 pm »
When on the home internal network one can just trigger a URL for the ip:3480 and so steer any device without logging in.
IMHO that's one of the reasons I don't have an automatic opener on my front door, and my IP cams record directly to a mail & FTP account on an online source outside of the Vera.
Vera lite (1.5.622), 2x an-158/2, dead usb pl2302 rs-232, 2x greenwave 6 port, 4x Fibaro FGD211 v1.6, FGBS001, few FGS - 221, etc. AuthomationHD 3 for android :-)
Dutch & German translator http://wiki.micasaverde.com/index.php/Special:AllPages http://support.micasaverde.com http://domotica-shop.nl

Offline guessed

  • Community Beta
  • Master Member
  • ******
  • Posts: 5301
  • Karma: +92/-22
  • Release compat is not a bolted-on afterthought
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #6 on: June 27, 2013, 03:30:43 am »
Maybe, but at least most home networks have some rudimentary, not-too-easy, security in place.... Usually requiring physical access (cable), or physical proximity (Wifi cracking).... So the process to use this to look at stuff is slow, and likely requires physical presence.

Things that open Proxy tunnels from your Network, to third party servers (without adequate access controls in place), leave them potentially exposed to someone in a barcalounger 1/2 way around the world going after PII and/or financial data.

i.e. write a Bot to crack open accounts/passwords on the Internet-facing end, and you potentially open up 100s, or 1000s of home networks.... Remotely, and cheaply, with low risk.

There are even HTTP proxy servers in some countries that'll mask your identity whilst you're doing the scans (.se domain, IIRC from looking at the folks hacking the forums here)

I know what I'd target....
« Last Edit: June 27, 2013, 03:42:55 am by guessed »

Offline Da_JoJo

  • Hero Member
  • *****
  • Posts: 1380
  • Karma: +16/-78
  • If something aint work, we can allways try n make
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #7 on: June 27, 2013, 07:51:56 pm »
Most dangerous thing about it is that when the blackhat people have found a way and post the findings somewhere, some script kiddie runs away with it and starts annoying people, I guess.
Vera lite (1.5.622), 2x an-158/2, dead usb pl2302 rs-232, 2x greenwave 6 port, 4x Fibaro FGD211 v1.6, FGBS001, few FGS - 221, etc. AuthomationHD 3 for android :-)
Dutch & German translator http://wiki.micasaverde.com/index.php/Special:AllPages http://support.micasaverde.com http://domotica-shop.nl

Offline SOlivas

  • Sr. Member
  • ****
  • Posts: 282
  • Karma: +1/-1
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #8 on: July 13, 2013, 01:49:15 pm »
With any "new" technology that is becoming mainstream, security is normally an afterthought.  People are inherently curious, and for some, the thrill and challenge of being able to crack open something is an urge they can't resist.

I wouldn't be surprised if someone hacks the home automation systems at the Z-Wave, Zigbee, etc. protocol level, using an Arduino processor and a homebrew piece of software for a proximity-based attack, bypassing the controller completely.  Or worse yet, spoofing the HA controller, and setting up a rogue controller that relays things to the real controller, as a man-in-the-middle attack.

Anything is possible.  Since Z-Wave is a black box to anyone who hasn't signed an NDA, we don't know what happens at that level.

I wonder if anyone has reverse engineered the Z-Wave firmware files yet?  I bet someone has.

 
Vera 3 (1.5.622) / 9x GE/Jasco 45609 / 2x GE/Jasco 45612 / 2x GE/Jasco 45614 / 1x MIMO Lite
1x Twine (http://forum.micasaverde.com/index.php/topic,15617.0.html), DSC Security System, Honeywell  YTH8320ZW1007 Thermostat, 1x Fortrezz WWA-01, 1x CA9000 Wireless PIR Sensor

Offline dparkinson

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #9 on: July 30, 2013, 08:23:32 am »

@SOlivas -- yes, I think that's one of the topics in the talks here:

https://www.blackhat.com/us-13/briefings.html#Fouladi

@guessed, you mentioned the following:

Quote
c) will isolate the HA Network from their home Network (since, when hacked, MiOS will provide an effective gateway to everything on your Home Network)

and on that, I assume you're talking about a DMZ or separate VLAN to isolate the HA network?  And then using an access control list or something to allow management from the PCs inside the house?
 

Offline RichardTSchaefer

  • Community Beta
  • Master Member
  • ******
  • Posts: 10091
  • Karma: +764/-143
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #10 on: July 30, 2013, 08:34:08 am »
Do not allow port forwards except for Authenticated and Encrypted protocols like SSH and VPNs.

Do not use a DMZ.

If you buy a device to add to your LAN ... and the device, or its APP, asks you to make router changes ...
DON'T! DON'T! DON'T! DON'T!

You should be a security expert, or know one, before you open the barn doors on your router.

Offline guessed

  • Community Beta
  • Master Member
  • ******
  • Posts: 5301
  • Karma: +92/-22
  • Release compat is not a bolted-on afterthought
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #11 on: July 30, 2013, 10:20:08 am »
Quote
@guessed, you mentioned the following:

Quote
c) will isolate the HA Network from their home Network (since, when hacked, MiOS will provide an effective gateway to everything on your Home Network)

and on that, I assume you're talking about a DMZ or separate VLAN to isolate the HA network?  And then using an access control list or something to allow management from the PCs inside the house?
 
A VLAN, and appropriate routing rules (and devices) separating the high-trust parts of your home Network from your low-trust components.

This separation isn't about a no-trust DMZ (Internet exposure).

Instead, it's about further separations within your LAN to ensure data/control cannot flow from a low-trust HA region to a high-trust region, and using these additional [LAN] separations to protect critical assets.

Other controls need to be put in place on the LAN, depending upon how serious you are about this type of stuff.

i.e. what are all the points of vulnerability, what are you doing to lock those down, how much convenience do you really want.

Similar techniques are used to create [protected] low-trust guest (Wifi) Networks in homes, where the high-trust LAN zone can talk to the Guest Network, but not the other way around (but all contained within the LAN, with no WAN exposure)
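
The one-way trust separation described in the reply above, sketched as an nftables forward-chain policy for a Linux-based router. This is an added example, not part of the original posts; the table name and the interface names `lan0`, `ha0` and `wan0` are assumptions, and NAT, IPv6 specifics and the router's own input rules are left out.

```nftables
#!/usr/sbin/nft -f
# Assumed (constructed) interface names:
#   lan0 = high-trust LAN (PCs, file shares)
#   ha0  = low-trust home-automation VLAN (HA controller, cameras)
#   wan0 = Internet uplink
table inet homeseg {
    chain forward {
        # Anything not explicitly allowed between zones is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies belonging to a connection that was allowed to start
        # may flow back in either direction.
        ct state established,related accept
        ct state invalid drop

        # High-trust LAN may open connections to the HA VLAN (management)
        # and to the Internet.
        iifname "lan0" oifname "ha0" accept
        iifname "lan0" oifname "wan0" accept

        # HA VLAN may reach the Internet, so the controller's cloud service
        # keeps working, but may never open a connection into the LAN.
        iifname "ha0" oifname "wan0" accept
        iifname "ha0" oifname "lan0" log prefix "ha-to-lan-drop " drop

        # Nothing is forwarded inbound from wan0: no port forwards, no DMZ.
    }
}
```

With this policy a compromised device on `ha0` can still talk outbound, but a new connection from it toward `lan0` is dropped and logged, which is the "high-trust can talk to low-trust, but not the other way around" behaviour.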

Offline capjay

  • Hero Member
  • *****
  • Posts: 675
  • Karma: +9/-3
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #12 on: July 30, 2013, 10:54:18 am »
Quote
Do not allow port forwards except for Authenticated and Encrypted protocols like SSH and VPNs.

Do not use a DMZ.

If you buy a device to add to your LAN ... and the device, or its APP, asks you to make router changes ...
DON'T! DON'T! DON'T! DON'T!

You should be a security expert, or know one, before you open the barn doors on your router.

and disable UPnP "feature" in your router. You really do not want the router opening ports on its own!!

Offline Crismaison

  • Sr. Member
  • ****
  • Posts: 451
  • Karma: +2/-0
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #13 on: July 30, 2013, 11:06:22 am »
Disabled UPnP, but I have 2 cameras which I want to access remotely, is there another way than opening a port?
Vera lite - Everspring smoke & flood detectors - Fibaro doorsensors - 2 Foscams - Greenwave 6 node smartplug - Several Switches -Netatmo - PLEG - Twilio - DropBoxuploader - FindmyIphone user

Offline dparkinson

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #14 on: July 30, 2013, 01:51:01 pm »
I guess my Linksys won't cut it then ;)