Home Insecurity

I have very conflicting thoughts regarding smart homes. On the one hand, I imagine a future in which transistors and organic displays coat almost every surface to be pretty much inevitable. On the other hand, I cannot picture a world in which people will be able to trust that these internet connected devices are secure.

“First they trick a smart-home-owning victim into clicking on a link, perhaps with a phishing email purporting to come from SmartThings support. That carefully crafted URL would take the victim to the actual SmartThings HTTPS website, where the person logs in with no apparent sign of foul play. But due to the hidden redirect in the URL, the victim’s login tokens are sent to the attacker…”

This is just one small example, and this particular implementation does still require some involvement from the user, but the fact that the customer is being phished despite logging into the legitimate website is disconcerting. Once the attacker has the users credentials, the lock on the door is absolutely meaningless to the attacker.