Watch engineers hack a ‘smart home’ door lock
Watch engineers hack a ‘smart home’ door lock
Samsung’s SmartThings is a top-selling platform that connects household electronics like lights, doors, cars, etc. Unfortunately, malicious hackers could exploit app vulnerabilities, potentially giving them access to users’ homes.. Watch as University of Michigan cybersecurity researchers hack into SmartThings. The vulnerabilities are covered in Wired: https://www.wired.com/2016/05/flaws-samsungs-smart-home-let-hackers-unlock-doors-set-off-fire-alarms/
—–
Watch more videos from Michigan Engineering and subscribe: https://www.youtube.com/user/michiganengineering
The University of Michigan College of Engineering is one of the world’s top engineering schools. Michigan Engineering is home to 12 highly-ranked departments for both undergraduate and graduate studies, with over 80,000 alumni around the globe.
—–
This project was led by Dr. Atul Prakash, a professor of computer science and engineering at the University of Michigan.
http://web.eecs.umich.edu/~aprakash/
Read the News Release:
https://news.engin.umich.edu/2016/05/hacking-into-homes-security-flaws-found-in-smartthings-connected-home-system/
Read the Research Paper:
“Security Analysis of Emerging Smart Home Applications,” (IEEE Symposium on Security and Privacy 2016)
https://ieeexplore.ieee.org/document/7546527
Follow Michigan Engineering:
Twitter: https://twitter.com/umengineering
Facebook: https://facebook.com/michigan.engineering
Instagram: https://instagram.com/michiganengineering
Contact Michigan Engineering:
https://engin.umich.edu/about/contact/
Or you can stick a pin in the hole at the bottom of the keypad.. its the release.. but either way if i want to break into a house i dont care what kind of smart crap they got. Or door locks, whatever. The only thing that would deter me is a posted sign and the sight of a cctv or camera system or if they had bars over all their windows and metal case doors with metal frames.. thatd be a house youd break in and never come back out alive.. or in handcuffs.. rig up those grates that slam closed over every window and door and a speaker sysyem indoors. somebody breaks in and all the sudden shit closes and a-voice comes over the intercom, “would you like to play a game?” Lol. Ask em where they live and go steal their shit leave a note “ good game” then let em go…
When you sent the message to the lock, your leaving the trail that you weren’t
If I buy a £100 for font door it can be picked open if a buy 300 400 smart lock if can be hacked WTF
It is definitely ill advised to hook up your electronic door lock to your phone or any other gear of any kind, especially IOT devices are a no-no.
If you’re going to use your smart lock with an RFID tag, use a shielded tag, where you have to slide part of the shield away in order to open your door.
Presumably, no lock will ever be perfect, but you just need to make it difficult enough to not be worth the time/effort for the burglar. For regular people, this should work out ok.
If a criminal element is capable of doing this, then they deserve whatever they can snatch from inside my house.
0:47
Pun intended.
And if it has no conection of any kind only code, fingerprint or cards?
i don’t trust technology we all know it can be hacked. f### the bells and whistles they just break.
so you wrote a keylogger app, that’s not really hacking in my mind, it’s just malware.
Just watching this doesn’t look like the initial attack, both require access to the Smartthings IDE so make sure you have 2FA on. The Third party app may reveal a passcode change but does not reveal the locks location. So do not put street address as your hub name. What is really disturbing is that the spokesman says they let Samsung know but doesn’t say when or what their response was… Going public like this is just creating FUD and does not add to the security.
well good thing i’m too poor to afford nice locks 😀 i just use bolts.
Let’s see will i hack their door lock or just break the window right beside it .. tough choice for criminals
thanks, for installing and running malicious code on the hub connected to the lock, is not the same as hacking the lock.
Heck I’m looking for exploitable vulnerabilities like: Enter ‘9999’ to program in a test code. This test code is a single use to unlock the door
Or Better yet, broadcasting an SSID with an open server
These guys are trying to get money from Samsung lol
When you sent the message to the lock, you left a trail that you were there
🙄 🤦♂️ this is about the same as sharing your real keys with a store to duplicate your keys while you keep shopping – which you should never do. Maintaining best practises is the REAL story here. At no point was the technology a problem. The users actions were!
and the hacker is Indian, why am I not surprised…?
I don’t like the this door hacking method, it reminds me of my great-great uncle who was a Nazi during WW2, he killed tens of thousands of Jews, gay people, mentally Ill and deficient. He was a monster and the door lock is just like him.
Two fundamental issues I see with this video. 1) These "hacks" are entirely based on an owner downloading a 3rd party app from an unverified developer. That’s like taking your keys to a shady kiosk to have them duplicated, and the kiosk making an extra copy of your key. 2) It’s not like our current locks are un-hackable. Burglars have been using lock picks for ages.
This is not called hacking! Its cheating! LOL!
Please, don’t miss land to peoples. Can you show a hack of Samsung and Yale door locks?
Chrome enthusiast "hacking" with JSON. Okay.
fuck smart locks or smart ANYTHING except TV because that shit is good lol
… dead phone means your locked in or out if you lose your phone your fucked …. fuck smart home anything people will ALWAYS BE ABLE TO HACK THAT SHIT
Every time you call a REST API you need to have an authentication token generated when you initially logged in using your smart phone. But now this ”’hacker" did not pass an Auth token in JSON which is bullshit and real lock makers don’t make such crappy REST API. In short this demo is shit and assumes lock manufacturers are dumb which they are not.
*My door was old and shifting in it’s frame, so the previous doorknob stuck.>>>**ur2.pl/1015** I took a few hours and followed the instructions to tighten my hinges and adjust the door frame so the lock closes without friction. I’m really glad I did, I’m not sure this would have worked properly without a careful install. It was definitely worth the trouble. I made some key copies, and I’ve literally only used a physical key once, and that was to test if the copies worked. I’m always forgetting if I locked the front door, so being able to check in with the Smartthings app has been f’n fantastic. This is a huge convenience that I didn’t know I was missing out on until I tried it myself.*
This guy hacks with a freakin ios system, I thought hackers preferred linux.
sending an api request isn’t hacking, capturing api requests from *your* internet isn’t hacking, the homeowner will have to be on *your* network, stop lying
As u can see
Thank you,most informative and well narrated
Wouldn’t connect door lock with a smart home….
What about finger print id
Still dont know how. This didnt show me shit
amir narini :)))))))))))))))))))))))
I was here hoping someone would hack it thought Bluetooth.
all someone needs is cell phone jammer and u won’t be able to control or be notified if something happens.
SmartThings is so expensive and apparently now insecure. Buy somethings else. $40 for a multipurpose sensor. It should cost under $5. The production cost is well under $1.
It’s easier to kick the door open, or smash a window.
So both attacks require the "victim" to install malicious software from third parties?.. Got it.. they deserve it then.
Just watching this doesn’t look like the initial attack, both require access to the Smartthings IDE so make sure you have 2FA on. The Third party app may reveal a passcode change but does not reveal the locks location. So do not put street address as your hub name. What is really disturbing is that the spokesman says they let Samsung know but doesn’t say when or what their response was… Going public like this is just creating FUD and does not add to the security. EDIT: Just noticed this is at least 2 years ago Wired just published on facebook… WTF
I thought maybe you would use rf frequency or something reasonable. I’m pretty sure Schlage isn’t going to come to my house and break in.
Thank you for this, I do not want one! Key is find with me.
Do you want to develop an app?
i just use bolts with 3 inch screws. We do have Smart tech here though, and never thought of getting smart locks. Just out of curiosity does Samsung encrypt these gadgets? Why would anything security wise accept extra coding? Set up should accept a code of up to six digits, and accept no extra code. If you need that then send it back to the manufacturer.
30sec in and my stopped working I was like I got hacked to😭😭 high moments
he looks like panda
Jesus fucking Christ, I’m being stalked someone comes in and helps themselves to everything and anything, every time I leave my home. I just bought a Yale living lock, and I watch this shit! I might just as well leave the damn door open! I don’t understand why this is even allowed on here to show everyone how to do it? My life sucks!
Seems like the main problem here is new apps are not screened at all. To launch other attacks,you need to break my wifi password….. Goodluck with that one!
IOT, products made with junk security
So they didn’t really hack a door lock, which is what I came here for, they put some spyware crap on a phone. Yawn.
"in 2019, this list helped me decide for the best keypad door lock *scafe.shop/tbkdl2019?75* hope it helps you out too!"