【The Playbirds】

It seems that some homes may be The Playbirdstoo smart for their own good.

On Monday, March 5, researchers at the San Francisco RSA conference presented to an assembled crowd of journalists and cybersecurity experts an unexpected approach for hacking into the device-enabled homes of the modern day George and Lydia Hadley.

Notably, they explained, it's not solely our internet of things that includes cameras and refrigerators we need to worry about. Instead, as people add more and more smart devices to their lives we also need to pay attention to the systems managing the interactionsbetween those tools.

Sounds fun, right?

At the core of this vulnerability is what the two Trend Micro senior threat researchers, Stephen Hilt and Numaan Huq, call "complex IoT environments" (CIE). In a corresponding paper detailing the threat, they define such an environment as typically (but not exclusively) a smart home with ten or more IoT devices linked up to one another. It's how these smart gadgets interact, via a so-called IoT automation platform, that's the problem.

SEE ALSO: Helen Mirren at RSA security conference: You're heroes who 'patrol a vast untamed wasteland'

Imagine setting up your smart doorbell to tell your smart lights to turn on when it detects a predetermined amount of outside light. Your automation platform would be the connective tissue wrapping those two services together.

"An IoT automation platform serves as a brain of sorts for the CIE and allows the creation of smart applications by functionally chaining the devices through custom rules, thus allowing devices to interact and affect each other’s actions," reads an accompanying Trend Micro blog post.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Original image has been replaced. Credit: Mashable

If these brains can be accessed — and it turns out that many of them can be — then the entire system can be exploited. Examples provided by the researchers were chilling.

Say you set up your smart home to send you a photo, via Slack, every time your outside camera detected movement. Great, right? Well, maybe. Because, if attackers can gain access to the platform facilitating this communication between the camera and Slack, then they can intercept that image and functionally get push notification photos for your house.

"As you’re adding more and more stuff, the attack vector […] is steadily increasing,” Hilt told the crowd.

Or how about a program that, upon detecting your smartphone has joined the home Wi-Fi network, unlocks the front door smart lock. This is super futuristic and fun, until a hacker tricks the program into recognizing her phone as well and then walks into your house while you're at the beach contemplating how much easier life has been made by your networked smart home.

Original image has been replaced. Credit: Mashable

Frustratingly, according to Hilt and Huq, there are plenty of exposed IoT automation servers that can be quickly and easily found via the IoT search engine Shodan. A slide shared during the presentation noted that the researchers had discovered thousands.

What's more, these servers sometimes give specific latitude and longitude data for the house in question. This means that not only could a bad actor control a smart home online, but they could find it in real life. In one troubling example, the researchers noted that they located an exposed smart home system belonging to a house that just so happened to be quite close to their physical location.

So what does this mean for you? It means you need to pay attention to not only the security of your smart bulbs, but to the security of the system that ties them to your IoT-connected washing machine as well.

Because as we continue to add more networked devices to our homes, the under-explored problems that come with the resulting complexity are increasingly likely to rear their ugly heads.

---

Featured Video For You

---

The hidden cost of a conveniently connected world

---

Topics Cybersecurity

• Entertainment
• Games
• Science
• Life
• Digital Culture
• Deals
• Shopping
• Social Good

• Get the official Atari 7800+ Console for 50% off
• The biggest Meta mistakes and misfires in 2022
• Wordle today: Here's the answer, hints for December 23
• Passenger and tarmac worker play rock
• New MIT report reveals energy costs of AI tools like ChatGPT
• Here’s why everyone’s talking about 'Christian Girl Autumn'
• Mastodon has gained millions of new users since Elon Musk bought Twitter
• 'INeedToLeaveNYC' shows how living in NYC can be a mess of contradictions
• NYT Connections hints and answers for May 18: Tips to solve 'Connections' #707.
• 'Quordle' today: See each 'Quordle' answer and hints for December 23

• The internet is ROTFL over the 'Make Mexico Great Again Also' hats
• Sony's Xperia Agent robot is a cute, friendly smart
• Absurd trophy puts the ‘fantasy’ in fantasy football
• New Withings fitness watch adds heart rate sensor and notifications
• Amy Schumer shares what Jennifer Lawrence texted her the day of the 'Trainwreck' shooting
• Justin Bieber covers Tracy Chapman and 2Pac because he contains multitudes
• 5 global milestones that will get you ready for the 2016 Social Good Summit
• Can you find the hot dogs among the Instagrams of people's legs?
• Startup raises $2.5 million to manage music rights using blockchain
• Adorable grandparents suit up in the same outfit every single day

• President Trump says semiconductor tariffs are next
• SpaceX's Starlink announces it now has 1 million users
• Creative driver makes hilarious sign to help him merge in LA traffic
• 'INeedToLeaveNYC' shows how living in NYC can be a mess of contradictions
• AMD Radeon RX 550 + Intel Pentium G4560
• Bear breaks into a house and escapes 'like the Kool
• Twitter thread asks how your name would be spelled like the chalkboard baby name meme
• People are mocking that viral Instagram hoax with hilarious parodies
• FreeSync 2 Explained
• LastPass breach: Hacker stole passwords, company says

• Samsung Unpacked stream is set for May 12, 2025
• FTC Fortnite refunds: See if you’re eligible for one and how to get it
• 'Quordle' today: See each 'Quordle' answer and hints for December 24
• Trump's interest in buying Greenland gets relentlessly mocked on Twitter
• The Mismeasure of Media
• The hidden, magical, inclusive world of Fairytale Instagram
• The 14 most WTF TV moments of 2022
• Kamala Harris says it's been 'strange' to see her waving hand moment become a meme
• Best robot vacuum deal: Eufy Omni C20 robot vacuum and mop $300 off at Amazon
• Only passenger on a Delta plane has the time of his life with the crew