Hackers showed they have a very long reach at the Defcon hacker conference this week. They can turn off your power or hack your home automation systems through internet-connected power lines.
Independent security researchers David “Rel1k” Kennedy and Rob “Kc57” Simon told the audience that they were releasing free tools that will let hackers break into home automation, business automation, and security systems that operate over the electrical wires of a building. It’s one more example of how hackers can pretty much break into any computerized technology available.
“We have to bring more exposure to this attack vector,” Kennedy said in his talk, which drew a big crowd at Defcon.
The newest “broadband over power line” (BPL) networks allow users to extend their internet connections over electrical wires to places where wireless networks or wired Ethernet networks won’t easily reach or just won’t do the job, such as living rooms that need very high-speed internet connections to play streaming games or movies. BPL networks can deliver broadband internet at 35 megabits to 40 megabits a second, depending on a variety of factors. Home automation systems use these BPL networks to control devices such as lights, electronic lights, air conditioners, security cameras, and security alarms.
But Kennedy and Simon found that the signals are sent unencrypted over the wires and don’t require the things that are connected to them to be authenticated. Much like water meters, this fact makes the networks vulnerable to hacking. The hackers say they can connect a “sniffer,” which captures signals sent along the wire. That allows them to collect the raw signals and then try to decipher them. Once they do that, they can send commands through the network that countermand what the home owner wants.
Kennedy and Simon said they took a couple of months to create their open-source tools to hack into home automation systems that use the X10 electrical wire protocol. Normally, you plug a device like a light into an X10 adapter, which plugs into a wall socket. That allows the X10 device to turn that light on or off via commands from the home automation system.
That protocol doesn’t support encryption. The hackers say their X10 Sniffer tool can monitor what is connected to an X10 network and what the devices are doing. Their X10 Blackout tool can jam signals on the network. The tools use a $16 Teensy microcontroller board to emulate a keyboard on the network. The first time the hackers tried it, they fried their Teensy.
They also investigated the Z-Wave wireless communications protocol for home automation. That supports AES encryption standard, but they only found one device using the AES encryption and it was doing so incorrectly. You can jam a Z-Wave system, but that is illegal. The researchers showed how the hacking tools work. They can plug them inside a power socket outside a house or into a house next door, since signals from one house can be detected from afar because they may use the same interconnected wiring.
Kennedy said he could detect signals from 15 home automation systems around his home in Ohio. The tools can be preprogrammed to jam a signal if someone breaking into a house triggers an alarm by opening a window. The tool can sniff data remotely and send it to a cell phone, where a user could send back commands via text messages to disable an alarm.
By doing surveillance, cyber-savvy thieves could figure out when home owners are at home or not. They could jam the alarms and break into the house.