Skip to main content
  1. Home
  2. Smart Home
  3. News

Researchers discover a worrying security flaw in Zipato smart home hubs

Patrick Hearn
By

In light of recent discussion surrounding smart home security, researchers Chase Dardaman and Jason Wheeler began to look into popular smart home hubs to discover just how secure the devices actually were. What they found is unsettling at best, TechCrunch reports. The two researchers hacked into a ZipaMicro, a smart home hub produced by the Croatian company Zipato. Their research revealed three specific security flaws that, when used in conjunction with one another, could open a smart lock connected to the hub.

Dardaman and Wheeler discovered a secure shell key (SSH), a standard part of most modern network security, had been hardcoded into every hub. This key could be extracted from the memory card on the device. What’s more, anyone with a private key could access the device without the master password.

Recommended Videos

In other words, every home with the same hub was vulnerable to attack. The Zipato hub uses a type of security authentication called “pass the hash.” When a password is entered into a device, it normally scrambles the password upon entry and stores it that way so only someone or something with the right encryption code can access it. “Pass the hash”  means the Zipato hub does not need to unscramble the password to use it; the device grants access even if the scrambled (hashed) version is used, which allowed Dardaman and Wheeler access.

Related

While this vulnerability only applies to Zipato hubs, any device operating under the same account is open to attack. Many apartment buildings have begun to install smart locks in units to offer potential renters more convenience, but this exploit means any apartment under the same account could be opened at will.

The ZipaMicro is designed to grant homeowners easy control of all their devices through a central point, but these findings show how a hub can potentially create vulnerabilities that bypass other security measures.

Of course, there are obstacles in the way. Any attacker would need to have access to the same Wi-Fi network as the smart hub in question. If a device is connected to the internet, however, that is no longer an issue — an attacker could gain remote access.

According to Zipato, it has 112,000 devices across 20,000 households, but the exact number of vulnerable systems is not yet known. Zipato released a statement after the researcher’s findings were made public that multiple security improvements have been made, but the existence of such a vulnerability brings security advocate’s concerns front and center: Smart home technology needs more protection.

Editors' Recommendations

Topics
Patrick Hearn
Patrick Hearn
Former Digital Trends Contributor
Patrick Hearn writes about smart home technology like Amazon Alexa, Google Assistant, smart light bulbs, and more. If it's a…
Blink Mini 2 vs. Blink Mini: Is Amazon’s new security camera a worthy upgrade?
The Blink Mini 2 installed outside.

Amazon recently introduced the Blink Mini 2, the successor to the wildly popular Blink Mini indoor security camera. The smart home device adds a few new tricks, including support for outdoor use and Person Detection, making it a nice improvement over the aging Blink Mini. But what exactly is the difference between the Blink Mini 2 and Blink Mini? And, more importantly, is it worth rushing out to replace your Blink Mini with the newer security camera?

From resolution and pricing to Person Detection and more, here's a look at everything you need to know about the Blink Mini and Blink Mini 2.
Pricing and monthly fees

Read more
Echo Hub vs. Echo Show 15: Which is the best smart home gadget?
Amazon Fire TV on Echo Show 15.

The Echo Hub might look like a smart display, but it actually falls into a category of smart home products known as smart control panels. Unlike smart displays, which are jack-of-all-trades entertainment hubs, control panels are designed to give you enhanced control over the rest of your smart home. That's an important distinction, and it's one of the main differences between the Echo Hub and Echo Show 15.

But is the Echo Hub or Echo Show 15 better for your smart home? Here's everything you need to know before making a purchase.
Pricing and design

Read more
The 6 best Echo Hub tips and tricks
The Echo Hub on a stand.

Amazon's first smart control panel, the Echo Hub, is officially here. It's not without a few quirks, but it offers a great way to access all your smart home gadgets in one unified location. Thousands of products can be connected to the panel, and with full Matter support, it's a relatively future-proofed device. If you're looking to get the most out of your new control panel, here's a look at the six best Echo Hub tips and tricks to optimize its performance.
Customize your Echo Hub home screen before you do anything else

There are tons of ways to modify your Echo Hub home screen. After syncing all your smart home devices, you can create a variety of tiles for the home screen that give you quick access to all your features. Take some time to create widgets, shortcuts, and other tiles for your most-used devices and actions, as it'll streamline your smart home and save you the hassle of digging through menus.
Check out all the privacy settings
Like all things Alexa, there are plenty of privacy settings for you to tinker with on the Echo Hub. While the control panel benefits from a microphone button and the option to delete voice recordings, you can also dig into other Alexa settings to ensure your privacy is respected.
Launch Routines directly from the Echo Hub

Read more