Pwning Centrally-Controlled Smart Homes: It’s a Gas

Smart homes are very popular in South Korea where the internet is well developed. There are varieties of IoT (Internet of Things) devices for each household that are connected to the central control platform of the smart home.

In terms of security, the hacking of this platform is so dangerous compared with the hacking of individual IoT devices as it can physically threaten millions of people as physical devices are under attacks, such as door locks, common gates, cameras, microphones, and gas valves. In South Korea, three companies dominate the smart home market by over 90%. We have analyzed the products of these companies and proved that it is possible to remotely attack all the devices.

In this presentation, we will explain the analytical methods used in our smart home hacking project and discuss the various vulnerabilities resulting from it. We will cover the entire structure of the smart home including network separation systems, network diagrams, and possible attacks. We will also cover how to get to the firmware via update servers, hardware hacking, and software logical bugs.

Our demos will include ways in which we were able to open door locks of any other homes, control devices such as common gates, lighting, heating and gas valves. We will provide the scenarios and demonstration videos of a fully remote attack on a system which is separated from the external network.

MAIN CONFERENCE
Location: Track 1 Date: May 9, 2019 Time: 6:30 pm - 7:30 pm Sanghyun Park Seongjoon Cho