Security flaws in a popular smart home hub let hackers unlock front doors

[InfoSec News <alerts () infosecnews org>]

https://techcrunch.com/2019/07/02/smart-home-hub-flaws-unlock-doors/

By Zack Whittaker
TechCrunch
July 2, 2019

When is a smart home not so smart? When it can be hacked.

That’s exactly what security researchers Chase Dardaman and Jason Wheeler 
did with one of the Zipato smart hubs. In new research published Tuesday 
and shared with TechCrunch, Dardaman and Wheeler found three security 
flaws which, when chained together, could be abused to open a front door 
with a smart lock.

Smart home technology has come under increasing scrutiny in the past year. 
Although convenient to some, security experts have long warned that adding 
an internet connection to a device increases the attack surface, making 
the devices less secure than their traditional counterparts. The smart 
home hubs that control a home’s smart devices, like water meters and even 
the front door lock, can be abused to allow landlords entry to a tenant’s 
home whenever they like.

In January, security expert Lesley Carhart wrote about her landlord’s 
decision to install smart locks — forcing her to look for a new home. 
Other renters and tenants have faced similar pressure from their landlords 
and even sued to retain the right to use a physical key.

Dardaman and Wheeler began looking into the ZipaMicro, a popular smart 
home hub developed by Croatian firm Zipato, some months ago, but only 
released their findings once the flaws had been fixed.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_