Hackers take over entire 'smart house' - Learn how to limit your risk
09/29/2015 5:55 pm PDT
Ana Garcia reports.
You've seen those ads where people can control the appliances and lights in their homes from anywhere in the country by using their phones. These so-called "smart houses" are getting very popular, but how smart and safe are they?
If you have Wi-Fi, hackers can literally take over your entire home and everything inside. Crime Watch Daily's Ana Garcia and a team of hackers tested one of the smartest houses we could find.
Vicki Johnson's new beachfront house is not only spectacular, it's "smart." She can control most everything from her phone or tablet. A secure fortress -- she thinks.
"We were told it was hack-proof," said Johnson.
We'll see about that! Johnson, a Crime Watch Daily producer, has agreed to let us launch a cyber-attack on her house. She's throwing a party for some unsuspecting guests.
"They think they are coming to take a tour of a 'smart house,'" said Johnson.
But what we're really doing is hacking her house during the party, and potentially the devices of every guest who walks through the front door.
Helping with the project are two cyber security experts from Tripwire, a company that secures the computer systems for nearly half the Fortune 500 companies.
So first we need to break into the Wi-Fi. In the world of cyber-criminals, a home's Wi-Fi is the new front door. An antenna is step one to picking the virtual lock.
Johnson has 28 devices connected to the home's wireless Internet. Once they were into the Wi-Fi system our hackers were quickly able to commandeer the home's cameras. The team is able to take control of the security cameras because they have a separate password and it's ridiculously easy.
Once our hackers are in, every security barrier falls like a line of dominos. This party's over, and the cyber-attack is about to begin. First we turn off the lights, then with control of the security cameras, we divert the video signal and play it on the TV in the living room.
With everyone's attention on the TV, the hackers talk to the guests. "We have taken control of this house, the lights, the security cameras."
Now a special message from me in the car is piped in: "I'm Ana Garcia from Crime Watch Daily and this house has just been hacked."
"We spent a lot of money doing this and we should have bought a big dog," said Johnson.
She may want that big dog after she hears what else our cyber-experts discovered while they were deep inside the guts of this "smart house."
"Every time you connect you are sending a message through China," one of our hackers tells us.
Our cyber experts say a lot of people's information is sent though China. Why?
"Because it was free or cheap for the people implementing the installation," says one of our hackers. "That poses a lot of security risks, as you can imagine."
The eight security cameras were still set to the manufacturer's default password.
But that's not where this cyber-crime spree ends. Through the Wi-Fi, hackers can get anything off of cellphones. Had we let our hackers go that far, they could have taken the financial information of the homeowners and personal data from of anyone connected to their Wi-Fi.
"You didn't hack into one thing, you hacked into everything," said Johnson. "That was scary, really scary. It was terrifying to look at my security system up there."
You don't need a fancy home on the beach with a lot of "smart" devices to understand just how vulnerable we all are now. So if you want to make your Wi-Fi at home or your cellphone safer, we found a simple tip to help stop that cyber crook -- and it's as simple as changing your password. How long should it be?
"At least 28 or more characters that incorporates numbers, letters, upper and lower cases as well as special characters," said one of our hackers.
Each symbol you add to a password makes it 10 times more secure.
In other words, toss in an exclamation point and an asterisk and you'll be a whole lot safer. Our hacker was able to take control of the security cameras because the password was ridiculously easy. The second line of defense is to make sure you always change the default passwords that come with smart devices. Whether you know it or not, most every device has one and it's available online for anyone who wants to search for it.
"I think the best part of all of this is to know the guys from Tripwire said they were not going to leave until they got our system fixed and we will be a whole lot better off for having done this," said Johnson.
We're not out to help criminals; we're out to stop them. And that's exactly why we're not revealing all the details of how our hackers breached the system. But we are here to help you! Make sure each device you own has secure passwords. Make them as complex as you can and you will limit your risk.