Skip to main content

U of Michigan, Microsoft researchers question whether a smart home is a safe home

smart home safety 35 million pool
The homes of the 21st century may be smarter than ever, but is that synonymous with safety? The rise of the Internet of Things has given way to a hyperconnected household, where everything from our lights to our sprinkler system to our oven can be controlled by a single hub. Unfortunately, however, this convenience may come at a serious cost. 

New research published by researchers at the University of Michigan and Microsoft sheds new light on the vulnerabilities presented by a smart home platform, offering an alarming look at how seemingly helpful devices could open up a backdoor for malicious hackers and criminals looking to turn everyday objects into outlets for hijacking. Specifically examining Samsung SmartThings, the research team drew two major conclusions. First, that while “SmartThings implements a privilege separation model … SmartApps can be overprivileged,” which is to say that these apps can “gain access to more operations on devices than their functionality requires.”

Second, the team says, “the SmartThings event subsystem, which devices use to communicate asynchronously with SmartApps via events, does not sufficiently protect events that carry sensitive information such as lock pincodes.” The implications behind these two findings could lead to a number of different attacks, including secretly planting door lock codes, stealing existing door lock codes, or inducing a fake fire alarm. Taken together or separately, each of these attacks could lead to major consequences for smart home owners.

While the team admits that many of the vulnerabilities they found would take quite a bit of expertise to exploit, the opportunity remains relevant for experienced hackers. And given how much trust we’ve placed in some of these smart home systems, allowing them to lock and unlock our doors, turn off key appliances, and more, caution is key. “If these apps are controlling nonessential things like window shades, I’d be fine with that. But users need to consider whether they’re giving up control of safety-critical devices,” says Earlence Fernandes of the University of Michigan.

Ultimately, experts say, “These software platforms are relatively new. Using them as a hobby is one thing, but they’re not there yet in terms of sensitive tasks. As a homeowner thinking of deploying them, you should consider the worst-case scenario, where a remote hacker has the same capabilities you do, and see if those risks are acceptable.”

Editors' Recommendations

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Is an Ecobee Smart Security subscription worth it?
Several Ecobee security products on a green background.

Aside from offering some of the best smart thermostats on the market, Ecobee is also a provider of smart home security systems. And like most home security systems, you'll need a monthly membership to make the most out of your gadgets. But is an Ecobee Smart Security subscription worth it? Here's a look at the two different plans available to customers, along with which homes will benefit from each plan.
What is Ecobee Smart Security Standard?

Ecobee Smart Security Standard costs $5 per month or $50 per year. It doesn't offer professional monitoring but does save videos for one camera for up to 30 days. It also benefits from arm and disarm assistance, smart motion and entry alerts, smoke alarm detection, freeze detection, and the ability to control the system from your smartphone app.

Read more
Echo Pop vs. HomePod (Gen 2): is the HomePod worth its added cost?
Apple HomePod 2023

The refreshed Apple HomePod is one of the best smart speakers on the market. It offers booming sound, a great design, and access to the Siri voice assistant. It also costs quite a bit of cash -- making it one of the most expensive smart speakers. On the other side of the pricing spectrum is the Echo Pop, which is remarkably cheap and gives you access to the Alexa voice assistant.

But is the HomePod (Gen 2) worth the added cost? Or are you better off opting for the affordable Echo Pop? Here's a closer look at the two smart speakers to help you figure out which is best for your needs.
Pricing and design

Read more
Can smart plugs be used outside?
The Ring Outdoor Smart Plug installed outside.

While they may not be as exciting as robot vacuums or smart speakers, smart plugs are a great addition to any smart home. These nifty devices allow you to remotely control anything connected to them, like the lights around your home or your trusty coffee maker. And if you're thinking about using smart plugs to control your holiday lights or other exterior decorations, you'll be glad to know that some smart plugs can be used outside.

However, not all smart plugs are up to the task, and using the wrong ones outdoors could pose serious safety risks. Before you run out on your porch and start installing smart plugs, here's what you need to know about using smart plugs outside.
Not all smart plugs can be used outside

Read more