The problem with making everything smart is that it opens it up to a potential attack. While a “dumb device” has to be used manually, nobody can use it unless they’re in the same room as it. Meanwhile, if a smart device is beaming a connection without proper security, it can be accessed without anyone needing to enter the home. One such example of this is the recent smart car charging station hijacking, which demonstrated that hackers could cause havoc at best and destroy hardware at worst!
The ChargePoint Home
This is the case of the ChargePoint Home, an electric car charger that can be installed into a home’s garage. Electric vehicles have their fair share of fans, but the major problem is that there are no ways to charge cars while on the road, similar to how you would gas up at a gas station with a non-electric car. As such, electric car owners have to rely on home chargers to top up their rides ready for the next trip.
Part of the convenience that comes with the ChargePoint Home is its remote control via an Android or iOS phone. That way you don’t even need to head to the garage to fiddle with the settings. Simply do it from the comfort of your app. This extension of range comes at a price, however; hackers from outside the home could also gain access to the charger and mess with the settings.
Kaspersky Labs discovered this flaw when testing how to break into a ChargePoint Home. As it turns out, not only could they create a new user profile on the ChargePoint without the owner’s consent or knowledge, but they could modify the password verification code so they could get access with an incorrect password.
Once in, the hackers could gain control of the device’s hardware by using stack overflows. This allowed them to take control of how much current the device took in. At best, the hacker could shut this off and essentially “kill” the charger, so the user couldn’t charge their car again. At worst, the hacker could increase the current past the safe levels, causing physical damage and even fires.
What this Means for IoT
Before you start getting worried, this particular attack wasn’t actually carried out in public! It was discovered by researchers who state that, in theory, the attack could take place. This is the best-case scenario, as the researchers can then inform the manufacturers of the problem, and a fix can get published before an actual malicious hacker can perform the same action.
Regardless, this attack does show the weakness with making everything controllable via a remote device. With so many ways to sneak in through the back door and take control of the hardware, all it takes is for one unsecured device to make its way into a home to spell trouble.
Driving Out Hackers
Being able to connect to all of your devices via an app is very luxurious; however, it also opens them up to an outside attack. While this electric car charger flaw was discovered by a benevolent force, it shows what could happen should someone with malicious intent discover a hole in the defenses.
Do you feel opening up your devices to the Internet of Things is dangerous? Let us know below.