Beware the botnet creeping into your smart home
September 4, 2014 - A term from the world of computers—botnet—is creeping its way into the world of building automation and, according to Dr. Steffen Wendzel of the Fraunhofer Institute in Bonn (FKIE), you have to anticipate this kind of attack scenario.
By Anthony Capkun
Attackers infiltrate multiple computers via ‘bots’ (from the word ‘robots’) without their owners’ knowledge, weave the computers together into nets, and misuse them for computer attacks.
Wendzel is a researcher with the Cyber Defence department, and an expert in hacker methods. Working with Viviane Zwanger and Dr. Michael Meier, he is studying botnet attacks on smart homes using internet-linked buildings or building operations… and they’ve found the threat is absolutely real.
“Our experiments in the laboratory revealed that the typical IT building is not adequately protected against internet-based attacks. Their network components could be hijacked for use in botnets,” Wendzel said. Internet-controlled electric roller shutters, HVAC and locking systems could all be used for these kinds of attacks.
In the process, the hackers do not have to seek out the PCs as in the past; instead, they look for the components in building automation, like routers in home use, that link the buildings with the internet.
In their analysis of botnet attacks, the researchers sketched out definitive threat scenarios for smart homes. In a worst case scenario, when an attacker hacks into the building operations IT, he will learn where the residents or tenants are located and what they are doing. That includes everything, right down to going to the toilet. Intruders, for example, could use this data to prepare for a burglary. In this case, the hacker is acting in a passive capacity… simply tapping data. However, he could be equally capable of actively invading the systems.
Wendzel is currently advising against carelessly linking all building functions in private homes to the internet.