Watch engineers hack a ‘smart home’ door lock

Watch engineers hack a ‘smart home’ door lock

Samsung’s SmartThings is a top-selling platform that connects household electronics like lights, doors, cars, etc. Unfortunately, malicious hackers could exploit app vulnerabilities, potentially giving them access to users’ homes.. Watch as University of Michigan cybersecurity researchers hack into SmartThings. The vulnerabilities are covered in Wired: https://www.wired.com/2016/05/flaws-samsungs-smart-home-let-hackers-unlock-doors-set-off-fire-alarms/

—–
Watch more videos from Michigan Engineering and subscribe: https://www.youtube.com/user/michiganengineering

The University of Michigan College of Engineering is one of the world’s top engineering schools. Michigan Engineering is home to 12 highly-ranked departments for both undergraduate and graduate studies, with over 80,000 alumni around the globe.

Home

—–

This project was led by Dr. Atul Prakash, a professor of computer science and engineering at the University of Michigan.
http://web.eecs.umich.edu/~aprakash/

Read the News Release:
https://news.engin.umich.edu/2016/05/hacking-into-homes-security-flaws-found-in-smartthings-connected-home-system/

Read the Research Paper:
“Security Analysis of Emerging Smart Home Applications,” (IEEE Symposium on Security and Privacy 2016)
https://ieeexplore.ieee.org/document/7546527

Follow Michigan Engineering:
Twitter: https://twitter.com/umengineering
Facebook: https://facebook.com/michigan.engineering
Instagram: https://instagram.com/michiganengineering

Contact Michigan Engineering:
https://engin.umich.edu/about/contact/

50 Comments

  1. Z Ack on September 23, 2020 at 10:21 pm

    Or you can stick a pin in the hole at the bottom of the keypad.. its the release.. but either way if i want to break into a house i dont care what kind of smart crap they got. Or door locks, whatever. The only thing that would deter me is a posted sign and the sight of a cctv or camera system or if they had bars over all their windows and metal case doors with metal frames.. thatd be a house youd break in and never come back out alive.. or in handcuffs.. rig up those grates that slam closed over every window and door and a speaker sysyem indoors. somebody breaks in and all the sudden shit closes and a-voice comes over the intercom, “would you like to play a game?” Lol. Ask em where they live and go steal their shit leave a note “ good game” then let em go…

  2. NICHOLAS LANDOLINA on September 23, 2020 at 10:21 pm

    When you sent the message to the lock, your leaving the trail that you weren’t

  3. bradley jamie on September 23, 2020 at 10:22 pm

    If I buy a £100 for font door it can be picked open if a buy 300 400 smart lock if can be hacked WTF

  4. Builder on September 23, 2020 at 10:23 pm

    It is definitely ill advised to hook up your electronic door lock to your phone or any other gear of any kind, especially IOT devices are a no-no.
    If you’re going to use your smart lock with an RFID tag, use a shielded tag, where you have to slide part of the shield away in order to open your door.
    Presumably, no lock will ever be perfect, but you just need to make it difficult enough to not be worth the time/effort for the burglar. For regular people, this should work out ok.

  5. shin888 on September 23, 2020 at 10:24 pm

    If a criminal element is capable of doing this, then they deserve whatever they can snatch from inside my house.

  6. Pseudynom on September 23, 2020 at 10:24 pm

    0:47
    Pun intended.

  7. WarriorOfMetal RoadOfKings on September 23, 2020 at 10:24 pm

    And if it has no conection of any kind only code, fingerprint or cards?

  8. Bill bick on September 23, 2020 at 10:26 pm

    i don’t trust technology we all know it can be hacked. f### the bells and whistles they just break.

  9. Adam on September 23, 2020 at 10:28 pm

    so you wrote a keylogger app, that’s not really hacking in my mind, it’s just malware.

  10. Paul Caldwell on September 23, 2020 at 10:30 pm

    Just watching this doesn’t look like the initial attack, both require access to the Smartthings IDE so make sure you have 2FA on. The Third party app may reveal a passcode change but does not reveal the locks location. So do not put street address as your hub name. What is really disturbing is that the spokesman says they let Samsung know but doesn’t say when or what their response was… Going public like this is just creating FUD and does not add to the security.

  11. loothootyou on September 23, 2020 at 10:33 pm

    well good thing i’m too poor to afford nice locks 😀 i just use bolts.

  12. Not a Phony on September 23, 2020 at 10:34 pm

    Let’s see will i hack their door lock or just break the window right beside it .. tough choice for criminals

  13. ilovefunnyamv2nd on September 23, 2020 at 10:36 pm

    thanks, for installing and running malicious code on the hub connected to the lock, is not the same as hacking the lock.
    Heck I’m looking for exploitable vulnerabilities like: Enter ‘9999’ to program in a test code. This test code is a single use to unlock the door
    Or Better yet, broadcasting an SSID with an open server

  14. iAM3xiT on September 23, 2020 at 10:36 pm

    These guys are trying to get money from Samsung lol

  15. NICHOLAS LANDOLINA on September 23, 2020 at 10:38 pm

    When you sent the message to the lock, you left a trail that you were there

  16. Original Radman on September 23, 2020 at 10:38 pm

    🙄 🤦‍♂️ this is about the same as sharing your real keys with a store to duplicate your keys while you keep shopping – which you should never do. Maintaining best practises is the REAL story here. At no point was the technology a problem. The users actions were!

  17. OsamaBinLooney on September 23, 2020 at 10:39 pm

    and the hacker is Indian, why am I not surprised…?

  18. Rick B on September 23, 2020 at 10:39 pm

    I don’t like the this door hacking method, it reminds me of my great-great uncle who was a Nazi during WW2, he killed tens of thousands of Jews, gay people, mentally Ill and deficient. He was a monster and the door lock is just like him.

  19. Jason Breslow on September 23, 2020 at 10:40 pm

    Two fundamental issues I see with this video. 1) These "hacks" are entirely based on an owner downloading a 3rd party app from an unverified developer. That’s like taking your keys to a shady kiosk to have them duplicated, and the kiosk making an extra copy of your key. 2) It’s not like our current locks are un-hackable. Burglars have been using lock picks for ages.

  20. Kaustav Thakur on September 23, 2020 at 10:40 pm

    This is not called hacking! Its cheating! LOL!

  21. All-in-One on September 23, 2020 at 10:40 pm

    Please, don’t miss land to peoples. Can you show a hack of Samsung and Yale door locks?

  22. Shadow Banned? on September 23, 2020 at 10:45 pm

    Chrome enthusiast "hacking" with JSON. Okay.

  23. Nexter5722 on September 23, 2020 at 10:45 pm

    fuck smart locks or smart ANYTHING except TV because that shit is good lol
    … dead phone means your locked in or out if you lose your phone your fucked …. fuck smart home anything people will ALWAYS BE ABLE TO HACK THAT SHIT

  24. feildtheory on September 23, 2020 at 10:47 pm

    Every time you call a REST API you need to have an authentication token generated when you initially logged in using your smart phone. But now this ”’hacker" did not pass an Auth token in JSON which is bullshit and real lock makers don’t make such crappy REST API. In short this demo is shit and assumes lock manufacturers are dumb which they are not.

  25. sameer shaikh on September 23, 2020 at 10:50 pm

    *My door was old and shifting in it’s frame, so the previous doorknob stuck.>>>**ur2.pl/1015** I took a few hours and followed the instructions to tighten my hinges and adjust the door frame so the lock closes without friction. I’m really glad I did, I’m not sure this would have worked properly without a careful install. It was definitely worth the trouble. I made some key copies, and I’ve literally only used a physical key once, and that was to test if the copies worked. I’m always forgetting if I locked the front door, so being able to check in with the Smartthings app has been f’n fantastic. This is a huge convenience that I didn’t know I was missing out on until I tried it myself.*

  26. Hood Cube on September 23, 2020 at 10:50 pm

    This guy hacks with a freakin ios system, I thought hackers preferred linux.

  27. Le Epic Troll on September 23, 2020 at 10:52 pm

    sending an api request isn’t hacking, capturing api requests from *your* internet isn’t hacking, the homeowner will have to be on *your* network, stop lying

  28. Dan L. on September 23, 2020 at 10:53 pm

    As u can see

  29. big dog on September 23, 2020 at 10:53 pm

    Thank you,most informative and well narrated

  30. Ho55Delux on September 23, 2020 at 10:54 pm

    Wouldn’t connect door lock with a smart home….

  31. Krishnan Sivadas on September 23, 2020 at 10:55 pm

    What about finger print id

  32. 660hpCamaro on September 23, 2020 at 10:58 pm

    Still dont know how. This didnt show me shit

  33. Warden R.ian on September 23, 2020 at 11:00 pm

    amir narini :)))))))))))))))))))))))

  34. Brandon Fox on September 23, 2020 at 11:01 pm

    I was here hoping someone would hack it thought Bluetooth.

  35. Bill bick on September 23, 2020 at 11:02 pm

    all someone needs is cell phone jammer and u won’t be able to control or be notified if something happens.

  36. aggplanta on September 23, 2020 at 11:03 pm

    SmartThings is so expensive and apparently now insecure. Buy somethings else. $40 for a multipurpose sensor. It should cost under $5. The production cost is well under $1.

  37. Luau_JK on September 23, 2020 at 11:05 pm

    It’s easier to kick the door open, or smash a window.

  38. JA AS on September 23, 2020 at 11:06 pm

    So both attacks require the "victim" to install malicious software from third parties?.. Got it.. they deserve it then.

  39. Paul Caldwell on September 23, 2020 at 11:09 pm

    Just watching this doesn’t look like the initial attack, both require access to the Smartthings IDE so make sure you have 2FA on. The Third party app may reveal a passcode change but does not reveal the locks location. So do not put street address as your hub name. What is really disturbing is that the spokesman says they let Samsung know but doesn’t say when or what their response was… Going public like this is just creating FUD and does not add to the security. EDIT: Just noticed this is at least 2 years ago Wired just published on facebook… WTF

  40. Silent Penguin on September 23, 2020 at 11:12 pm

    I thought maybe you would use rf frequency or something reasonable. I’m pretty sure Schlage isn’t going to come to my house and break in.

  41. Josef Holzer on September 23, 2020 at 11:13 pm

    Thank you for this, I do not want one! Key is find with me.

  42. Red Tango on September 23, 2020 at 11:14 pm

    Do you want to develop an app?

  43. C Johnson on September 23, 2020 at 11:14 pm

    i just use bolts with 3 inch screws. We do have Smart tech here though, and never thought of getting smart locks. Just out of curiosity does Samsung encrypt these gadgets? Why would anything security wise accept extra coding? Set up should accept a code of up to six digits, and accept no extra code. If you need that then send it back to the manufacturer.

  44. Zoplayers cod on September 23, 2020 at 11:15 pm

    30sec in and my stopped working I was like I got hacked to😭😭 high moments

  45. pockeybear milk on September 23, 2020 at 11:15 pm

    he looks like panda

  46. Joan Snow on September 23, 2020 at 11:15 pm

    Jesus fucking Christ, I’m being stalked someone comes in and helps themselves to everything and anything, every time I leave my home. I just bought a Yale living lock, and I watch this shit! I might just as well leave the damn door open! I don’t understand why this is even allowed on here to show everyone how to do it? My life sucks!

  47. can you see me on September 23, 2020 at 11:16 pm

    Seems like the main problem here is new apps are not screened at all. To launch other attacks,you need to break my wifi password….. Goodluck with that one!

  48. 633r on September 23, 2020 at 11:17 pm

    IOT, products made with junk security

  49. Kalum Batsch on September 23, 2020 at 11:17 pm

    So they didn’t really hack a door lock, which is what I came here for, they put some spyware crap on a phone. Yawn.

  50. Mariangel Mendez on September 23, 2020 at 11:19 pm

    "in 2019, this list helped me decide for the best keypad door lock *scafe.shop/tbkdl2019?75* hope it helps you out too!"

Leave a Comment