In modern houses, it doesn’t take a poltergeist to turn lights on and off, unlock doors or send a shiver down occupiers’ spines anymore. Hackers have numerous avenues into people’s properties thanks to growing numbers of connected machines managing residential environments.
Today, a slew of vulnerabilities in so-called “home automation” technologies, which provide an easy way to access all connected machines in a house from the web or a smartphone app, were revealed. They would have allowed anyone, even someone with close-to-zero technical ability, to infiltrate properties from anywhere on the planet.
Two of the flaws reside in software from Honeywell, of Morristown, NJ, one of the biggest technology manufacturers in the US. According to Maxim Rupp, securityresearcher at German firm Cure53, it’s remarkably simple for anyone to access others’ Honeywell Tuxedo Touch web interfaces, used to control all connected parts of the home, including cameras, thermostats, lights, locks and shades. That’s because of some seriously slack authentication, says Rupp.
view the full story here