Hackers break into home via power line

Due to the lack of encryption in the management systems of automated homes and offices, hackers have found a way to use public power lines —and, soon, even mobile phones— to disrupt and even spy on private activities in these places. Researchers at the Black Hat security conference in Las Vegas demonstrated this with a device that uses the X10 protocol, tech site CNET reported Saturday. "We can track people with motion sensors and see what part of the house they might be in," researcher Rob Simon said during a presentation, according to the CNET report. Simon, whose handle is "Kickenchicken57," said that the weaknesses stem from the absence of encryption in the popular X10 protocol. The "X10 Black Out" device by Simon and fellow researcher Dave Kennedy can plug in to a power outlet outside a target building or a nearby building then interfere with the home Ethernet network inside. By using the X10 protocol, hackers can effectively disable security systems and cameras; open and close doors; and even turn appliances on and off at a whim. Another device, the X10 Sniffer, can detect what appliances and systems are attached to the Ethernet network, seeing what doors or lights are open. Kennedy, who uses the hacker handle "ReL1K," said the sniffer device basically "maps out the entire house." The two hackers' findings came as home and office automation systems become more popular, yet have no encryption in the X10 protocol. Vendors need to add encryption Kennedy said vendors will eventually need to add encryption to block such attacks. While the researchers found one device, a Z-Wave-based door handle, that had encryption, it was turned off by default. "There's virtually no security on these things right now," he said. House break-ins via mobile phone Simon and Kennedy are working on a new version of their devices that would let an attacker remotely control the device via a cellular network. With such a device, a hacker can communicate with the device via text message and get text notifications such as when someone enters the target house, instead of having to preprogram the commands. Both hackers are likewise working on a sniffer based on the Z-Wave home automation protocol that connects appliances over a mesh network. Such a device can sniff and decode the AES (Advanced Encryption Standard) encryption keys when a new appliance is added to the network, they said. "We're trying to bring more exposure to this attack avenue. This needs to be incorporated into penetration testing. It is a very real threat vector," Kennedy said. — TJD, GMA News