Your future home is vulnerable to cyberattacks

@CNNMoneyTech July 26, 2012: 9:54 AM ET
Envy the Jetsons' always-connected home? It would have been a ripe target for hackers.

Envy the Jetsons' always-connected home? It would have been a ripe target for hackers.

LAS VEGAS (CNNMoney) -- If the Jetsons were real, they probably would have gotten hacked a lot.

In the classic 1960s animated sitcom, everything in the space-age family's home was networked and could be controlled by the press of a button on a remote control.

That fantasy is becoming a reality. New technology allows practically everything in your home -- from your door locks to your thermostat to your TV -- to be controlled by an Internet-connected device like a smartphone.

Unsurprisingly, many of those cutting-edge devices are filled with holes that cyberattackers can exploit.

In a briefing at the Black Hat cybersecurity conference in Las Vegas on Wednesday, security researcher Collin Mulliner showed just how easily hackers can tap into "smart home" gadgets when they're connected to mobile networks.

By scouring through a European database of registered devices on the mobile Internet, and with just a small amount of hacking, Mulliner was able to crack hundreds of home automation hubs, smart electric meter control units, and in-home security cameras.

Mulliner didn't need to break out many advanced geek skills. For example, a quick Google search revealed that one brand of popular smart meter device had a default password of 1234. Since they're typically installed by the electric company, few homeowners change it.

"This should be a wake-up call," said Mulliner. "It would be very easy to build a smart meter botnet that could shut off the lights in an entire neighborhood."

Many of the devices that turn people's houses into the Jetsons' home are still experimental -- but they're hardly the only connected gizmos that were easy to hack over the mobile networks.

If you've ever read a SkyMall magazine on an airplane, you're probably familiar with GPS tracking units that paranoid parents can stick in their teenager's car to monitor where they go.

If you can track your kid, others probably can too.

Hundreds of those devices popped up in Mulliner's scan, and few were secured in any way. Some of the units offered menu options when he tapped into them, asking if he wanted the latest location data. He didn't even need to identify himself, let alone enter a password. A hacker who can track down the IP address and a few other device specs will get access to a detailed rundown of the driver's travels.

And then there were the thousands of jailbroken iPhones that showed up in Mulliner's scan. Without some of Apple's (AAPL, Fortune 500) built-in security mechanisms, jailbroken iPhones are inherently less secure than ones that haven't been tinkered with.

"Jailbroken iPhones are a hazard waiting to happen," he said. "It's easy to perform SMS and call fraud, and soon, someone's going to steal a bunch of private data."

In 2009, Australian jailbroken iPhones were hit with a worm known as "ikee," which was more of a prank than a real threat: It replaced the phone's wallpaper with a photo of 1980's pop singer Rick Astley and a message: "ikee is never going to give you up."

Futuristic technologies offers a lot of convenience -- everything from managing your home and electricity with your smartphone to freeing your iPhone from Apple's chains. But with every advance comes new vulnerabilities that cyberattackers are just waiting to pounce on. To top of page

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.