Skip to main content

U of Michigan, Microsoft researchers question whether a smart home is a safe home

The homes of the 21st century may be smarter than ever, but is that synonymous with safety? The rise of the Internet of Things has given way to a hyperconnected household, where everything from our lights to our sprinkler system to our oven can be controlled by a single hub. Unfortunately, however, this convenience may come at a serious cost. 

New research published by researchers at the University of Michigan and Microsoft sheds new light on the vulnerabilities presented by a smart home platform, offering an alarming look at how seemingly helpful devices could open up a backdoor for malicious hackers and criminals looking to turn everyday objects into outlets for hijacking. Specifically examining Samsung SmartThings, the research team drew two major conclusions. First, that while “SmartThings implements a privilege separation model … SmartApps can be overprivileged,” which is to say that these apps can “gain access to more operations on devices than their functionality requires.”

Recommended Videos

Second, the team says, “the SmartThings event subsystem, which devices use to communicate asynchronously with SmartApps via events, does not sufficiently protect events that carry sensitive information such as lock pincodes.” The implications behind these two findings could lead to a number of different attacks, including secretly planting door lock codes, stealing existing door lock codes, or inducing a fake fire alarm. Taken together or separately, each of these attacks could lead to major consequences for smart home owners.

While the team admits that many of the vulnerabilities they found would take quite a bit of expertise to exploit, the opportunity remains relevant for experienced hackers. And given how much trust we’ve placed in some of these smart home systems, allowing them to lock and unlock our doors, turn off key appliances, and more, caution is key. “If these apps are controlling nonessential things like window shades, I’d be fine with that. But users need to consider whether they’re giving up control of safety-critical devices,” says Earlence Fernandes of the University of Michigan.

Ultimately, experts say, “These software platforms are relatively new. Using them as a hobby is one thing, but they’re not there yet in terms of sensitive tasks. As a homeowner thinking of deploying them, you should consider the worst-case scenario, where a remote hacker has the same capabilities you do, and see if those risks are acceptable.”

Lulu Chang
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
This smart display alternative just added a powerful new feature to help track your chores
A person using the Skylight.

Skylight is responsible for a variety of smart display alternatives with a focus on organization and schedule planning. Last summer, it launched the premium Cal Max -- a 27-inch smart calendar that we called a “streamlined smart display alternative.” Since its arrival, Skylight has continued to roll out new features to the device, and now you’ll find a powerful feature called Routines available across the Skylight Calendar lineup. Designed to simplify chores and build good habits for the entire family, it’s a unique new feature that changes how you interact with the display.

The idea behind Routines is simple -- offer visual feedback and an easy-to-use interface to make it easier than ever to keep track of (and complete) all your chores. These can be set up on a recurring schedule, allowing you to program in everything from a quick 15 minutes of reading before bedtime or a few minutes each morning for your kids to brush their teeth. Routines can be customized with various emojis and color-coding to help keep track of them, and a fun confetti animation is triggered once they’re complete.

Read more
Dreo reveals new smart home devices to help you beat the summer heat
A fan from the Dreo Summer 2025 lineup.

Summer is just around the corner, and Dreo is gearing up for its arrival by launching several new smart devices. Some products are available now, while others will arrive within the next few months, though all are specifically designed to help you stay cool and improve your indoor air quality.

The Dreo Summer 2025 lineup includes fans, portable air conditioners, air purifiers, and humidifiers, most of which are bundled with useful smart features to improve their performance and give you easy ways to control their settings. The most premium of the bunch is the Dreo Portable Air Conditioner 319S -- its 10,000 BTU system is powerful, quiet, and drainage-free, making it an excellent way to cool your home. It also works with both Google and Alexa, and voice controls are supported for ease of use.

Read more
Roborock supercharges smart home connectivity in its smart vacs
Roborock QRevo S robot vacuum and mop Black Friday deal

Certain Roborock models will be getting a firmware update between now and April 10 that upgrades the onboard Matter protocol for an even better user experience. The announcement advises users that "exact timing will depend on different timezones," so just be patient until it rolls out. The latest lineup, including all models of the Roborock Saros and Roborock Qrevo, will see improved capabilities, alongside the Roborock S8 Max V Ultra.

In addition, Apple also announced Matter integration with the Home App on iPhone, iPad, Apple Watch, Apple TV, HomePod, and Mac today, which means you can control any compatible Roborock robot vacuum through one of these devices. That means you can now have your robot vacuum start cleaning as soon as you leave the house or set up specific cleaning areas through the Home app. Just make sure you have an iPhone that's running iOS 18.4 or later; earlier versions won't have access to these features.

Read more