To prove that point, in the summer of 2013 journalist Kashmir Hill did
some investigative reporting and some DIY computer hacking. By using a
Google search she found a simple phrase that allowed her to control some
Insteon hub devices for the home. A hub is a central device that provides
access to a mobile app or to the Internet directly. Through the app, people
can control the lighting in their living rooms, lock the doors to their houses,
or adjust the temperature of their homes. Through the Internet, the owner
can adjust these things while, say, on a business trip.
As Hill showed, an attacker could also use the Internet to remotely
contact the hub. As further proof, she reached out to Thomas Hatley, a
complete stranger, in Oregon, and asked if she could use his home as a test
case.
From her home in San Francisco, Hill was able to turn on and off the
lights within Hatley’s home, some six hundred miles up the Pacific coast.
She also could have controlled his hot tubs, fans, televisions, water pumps,
garage doors, and video surveillance cameras if he had had those connected.
The problem—now corrected—was that Insteon made all Hatley’s
information available on Google. Worse, access to this information wasn’t
protected by a password at the time—anyone who stumbled upon this fact
could control any Insteon hub that could be found online. Hatley’s router
did have a password, but that could be bypassed by looking for the port
used by Insteon, which is what Hill did.
“Thomas Hatley’s home was one of eight that I was able to access,” Hill
wrote. “Sensitive information was revealed—not just what appliances and
devices people had, but their time zone (along with the closest major city to
their home), IP addresses and even the name of a child; apparently, the
parents wanted the ability to pull the plug on his television from afar. In at
least three cases, there was enough information to link the homes on the
Internet to their locations in the real world. The names for most of the
systems were generic, but in one of those cases, it included a street address
that I was able to track down to a house in Connecticut.” 7
Around the same time, a similar problem was found by Nitesh Dhanjani,
a security researcher. Dhanjani was looking in particular at the Philips Hue
lighting system, which allows the owner to adjust the color and brightness
of a lightbulb from a mobile device. The bulb has a range of sixteen million