Security Of Smart Homes

Recommend companies developers to use when creating their password requirements now while this isn’t directed at everyday users it’s still a very good tool to use to decide what your pastures are gonna be and how secure they are now the fixed of the issue with your security camera is quite simple I would recommend following NIS T’s standards for password requirements they publish a list every year based off of the current state of security.

Essentially recommend what practices you should use while creating your password right now there is a baseline minimum of having 8 characters in your password the maximum they currently recommend is 64 64 is more for the company side of things allowing passwords up to 64 characters obviously the better or you’re better off creating a longer password when you can the longer the password the harder it is to crack.

Like I mentioned earlier you can you can order things online with Google you can order pizza stuff like that simplify the process and you can even say stuff like hey Google tell me about such and as a result back in 2017 Google and Burger King decided to make an advertisement where the Google home was essentially the center point of this.

Advertisement so essentially the commercial the main actor would come up and say hey Google tell me about the whopper at what point your Google home would respond and then read off to you the Wikipedia definition of the Google home hmm that begs the question if advertisement can access my Google home who can access my Google home so.

Back around the time they came out Andrew Gerhart over at C net actually wrote an article where you know him a few of his co-workers they tested out the voice recognition on the Amazon Alexa and the Google home what.

They found was simply having a similar voice to somewhere else they were able to trick the trick the devices to think that they were in fact him so what that means is if you have someone who just sounds like you or does a fairly good job of imitating your voice Google will assume that that is you so maybe they just are able to find out where you’re going next week what you have planned for the week for your calendar maybe they could cancel your alarm is it cause you just sleep in early.

Or they could go on and actually make charges to your your credit card account or anything is offline like I said earlier ordering a pizza or in a case.

Ordering products off of Amazon obviously this is this is a pretty big issue and and at.

Least Google while setting up the the vocal recognition they actually state people with.

Similar voices and trick the device to sound like you they they they admit it it’s a really the only thing you can do in the situation is try to avoid the credit card payment options with the Google home moving on I want to talk.

About Xbox so the Xbox one kind of brought up a lot of this concern as.

Well with a vocal recognition so the Xbox one with the Kinect it has the ability to say to turn on based off your boys do certain commands understand basic vocal commands and it does that by recording at all times so it records the ambient background and essentially tries.

To listen for the key words that you might say now a lot of people like it I personally disabled that feature on my console in fact I usually keep.

The console unplugged unless I’m using it myself and actually in the terms of conditions microsoft states that they store all of the information on their servers for developmental purposes trying to make the software better.

But they also hold the ability to sell this information to third-party third-party companies contractors anybody they want to you give them that that right when you sign up to use your Xbox one a feed with recent just the history of security breaches on Xbox how often Xbox.

And Playstation attack just game consoles being a big target you can see the concerns of of having that there so going back to the Google home you could see where.

Google may even be storing some of your information even if they don’t store the ambient recordings of your of your conversations you have to remember when when is it when it’s.

Listening when you say commands that is being sent to Google servers so I actually decided to run Wireshark well while saying some commands to my Google home and well it’s not necessarily.

Easy to decipher to decrypt I’m still able to see that packet information being sent back and forth so it’s not completely unreasonable to see that someone could get clips of your voice saying import commands essentially breach into your home devices going back into the security side of things smart.

Doorbells smart smart locks it would be fairly easy for someone to get into that you can actually set up your Google home to unlock your door so you can be sitting in the living room.

Someone can ring the doorbell and you can say hey Google unlock the door and then they can walk right in say you left the house someone.

Had a similar voice to you or they even got a recording of you saying hey Google unlock the door they could theoretically play that through the window get into your house there’s a there’s a lot that can be done a lot of damage that can be done.

If you’re not careful using using war these products there was actually a situation or a reported incident in India which I got off of India times they.

They didn’t necessarily give the best information but I still want to use it as an example where.

Essentially this reported incident they claim that these hackers that.

Broke into this man’s house were able to throw through a loophole on on his Smart TV again this article didn’t go then go into great detail I don’t want to use it as an academic source but.

The story enough is to show it’s possible if you have the the technical capabilities it’d be very easy to get into someone’s home without their permission if they have this the smart home setup a little example of being able to actually find the traffic.

Of the Google home so to start here I’m on my home network and I’m going to begin using wireshark to capture the data going through my bunk in my home Wi-Fi network so I’m gonna let this start running we can see it’s starting to go now I’m gonna start with just asking Google a few things try to build up a list of IP addresses requests from the Google home just so we can take a look at.

Hey Google what’s in the news today here’s the latest news by the way you can also ask.

For news about a given topic like news about the Oscars or any other topic that is currently in the news from Reuters TV us at 9:53 p. today it’s support from Oppenheimer funds we reverse all these top stories stop hey Google.

Well can you tell me about Microsoft according to Wikipedia Microsoft Corporation is an American multinational technology company with headquarters in Redmond Washington hey Google what’s the weather in st. Paul tonight it’s predicted to be 46 and clear right now it’s 46 and clear alright I think that’s a pretty.

Good list of furnishings to capture that.

Know the IP address of my Google home I was able to find that through my Google home app and so already we can see here I know that the dot 98 is our is.

My Google home you can even see right here Google home mini so we can actually see.

Quite a bit of information about.

The commands that I was asking here we just saw the brighter news option play and we can immediately see a casting writer straight.

Pretty clear information that’s being sent same casting there so we can see Justin’s room speaker this is this is the Google home.

I have specifically for my room again casting so.

He just kind of go through and see all righty just from the little bit that we have.

We have a fairly good amount of information from the Google home and I know whenever I see.0 so there is a significant amount of information a lot of this is the Reuters casting most packets just being sent back.

In okay so something funny just happened while I was actually working on editing the video here so I was listening to my own my own recording from the Wireshark.

Demo and Google heard me use.

My my command phrases while I was working on the video I just want to replay that here for you just to kind of show you how someone just gets a recording of.

Enough what’s the weather in st. Paul tonight it’s predicted to be 46 in clear it’s currently 46 and clear so just playing directly from audio I had.

A recorder myself my Google home was able to answer the question.