Langfinger have long been talking about keyboards, but no reason to be paranoid: Police criminal statistics have recorded about six million crimes in the United States in 2012. Housing dips account for about 2.4 percent of this total, with 144,000 cases. In 2012, 64,000 cases of computer crime were also counted. This is 7.5 percent more than in the previous year, but only 27,700 of them fall under the “spying and interception data and computer abatement” category. These are almost exclusively attempts at spotting against commercial enterprises. Of course, only reported deeds were counted, not undiscovered.
Who wants to "take over" my house?
10 Tips for a Safe Home
How does the hacker come in?
Organized crime always begins where there is something to be gained. These are rather large company accounts than private scarves. Private individuals generally do not need to fear industrial pioneers. Such spies, however, know that managing directors or employees take sensitive files on the laptop with them home and then connect the computer to a badly secured home network. Because the data pion does not have to bother to overcome an expensive firewall in the spied company.
Attacks on the bus
Computer fraud is severely punished. But ambitious youthful amateur hackers often do not know this and just want to try to penetrate the neighboring network via WLAN - as a courage test. However, if the neighbor's ad is reimbursed, this can be nasty.
Interview: "You can not expect anything from the legislator"
Criminals can weigh the effort and benefits well. There must really be something to be gained before a thief takes the trouble to penetrate the house technology or the network because the technical effort is high.
The Commissioners of the Prevention and Victim Protection Section of Paderborn, the Krefeld Police Authority, are aware of the theoretical danger, but they are giving the all-clear: "Home burglars are coming through the door, housebreakers through unsecured windows and terraces doors." Electronic burglary, on the other hand, leaves traces and takes too long To open a door with a computer can make more money. "
More security thanks to alarm systems and smoke detectors
But perhaps criminals only want to find out electronically, whether one is on vacation, then break in conventionally. In the case of a "unsmoneous" house, holiday signs are unmistakable: garbage cans are not exposed, the mailbox swells over, roller blinds do not change. The burglar knows how to go on a horse ride, where he can go undisturbed.
In contrast to a smart home: the house technology starts with the holiday absence a natural-looking presence simulation. When one or the other IP camera records, who enters the property, one can go to the holiday calmly.
Secure home in the holiday season
Who could be interested in our house and its data? Let's assume that all intelligence services have the ability to overcome firewalls and view our data. Whose data are then of interest? Anyone who belongs to the classic grid of left and right violators or Islamists must expect electronic enlightenment measures. But in the United States, a judge has to order the interception in individual cases.
The most direct way to access data is through the home network. Every SmartHome has a router. After all, we also want to be able to control our home via mobile phone. Caution is required with free apps that have the right to access your entire traffic. The password for the control app of your smart home would be pretty easy to spy on.
Because the WLAN of the router does not stop at the land border. A hacker could log in from the street. However, today's encryption methods reliably prevent data access by non-governmental agencies. But they must also be used for this. Therefore, you should use the WPA or WPA2 method. The older procedure WEP, on the other hand, is cracked in at least two hours by laptop.
Smart Meter and AAL
Do not rename your LAN by your family name. The so-called SSID should not allow any conclusions to be drawn from its operator. "Müller-LAN" is quick to crack when you are called Müller. The intruder immediately knows where to look. WPA keys should be changed irregularly, including large and small letters, digits, and special characters.
Once the hacker is in, he builds a backdoor and can then get into the network at will. For example, he looks at homebanking and maybe even uses the webcam. The hacker then finds the access to the building control and can operate it remotely. If the front door is connected to the control, he could open it. He can turn off the heating, turn off the lights, defrost the freezer - in short: the complete house control is open to him. This penetration can only be avoided by the consistent use of the existing security devices.
Conclusion
You can also attack the building bus itself. In the case of wired systems such as KNX, LCN or PowerLine systems such as X10, access to the cables is sufficient. If the KNX cable or the data lines from LCN to the garden gate, the hacker can connect directly there and read the building network. The password cracking, however, takes time.
The situation is similar for radio systems such as ZigBee, Z-Wave, eQ-3, RWE and EnOcean. Although sensors and actuators only sparks when they have something to report, their radio telegram can be registered with suitable receivers. Thus, a look-out must have a lot of patience and wait for a sensor to transmit. The range rarely exceeds 30 meters, but suitable directional antennas can still receive the signals from 100 meters.
But whose signals are they? Window contact, roller blind actuator, thermometer? This could all be found with appropriate specialist knowledge, however, this immense effort is no relation to the desired result. In the meantime, most radio bus systems also transmit very well.
Caution is, however, offered at DIY low-cost radio switches: if you get three sockets and a transmitter for 20 euros, each child can turn the light on and off with the neighbor.
In the interview: Martin Rost, author and co-worker of the Independent Center for Data Protection SH (ULD)
Are there cases where hackers have broken into building controls? Martin Rost: I do not know of any cases where hackers have entered the building control of private individuals. In June 2010, hackers were able to take control of uranium enrichment machines in Iran. It is therefore possible to get control of the technology even under more difficult conditions. Security is still of secondary importance to pure functionality in smart home / AAL projects. As a rule, we are dealing with at least a high level of protection. To implement this technically is anything but trivial. What about the data security of such systems? Martin Rost: A data protector does not stop with the problems of IT security. Rather, data protection is devoted to the even more difficult questions to be asked about the risks arising from those organizations which use the technical systems quite legally. If service providers now have many intimate private data in humans, for example within the framework of SmartHome and AAL, the naturally high desire to use this data also for completely different purposes. The AAL service providers are in this respect the much more dangerous offenders than hackers. For this reason, from the point of view of privacy, for example, the problem must be solved of the need to avoid the full supervision of people in need of help who are no longer compatible with the dignity of the human person, but nevertheless help as effectively as possible in case of an emergency. Are smart meters available across the board risky? Martin Rost: From a technical point of view, every additional interface increases the risk. The problem of the interplay of communication interfaces for AAL, for a house automation as well as especially for smart meters is, as far as I know, never really addressed. Here the legislature would be asked to create a framework for a secure and fundamental, compliant, all-encompassing home automation system. However, a lawmaker who, like his recent incompetence, who has shown his lack of interest in the protection of the citizen in a shattering manner in the Basta manner, can not really expect anything in this respect.
In the novel "Blackout - Tomorrow It's Too Late" by Marc Elsberg criminal hackers penetrate the networks via SmartMeters. To prevent this scenario, the legislator has commissioned the Federal Office for Information Security Security (BSI) to develop a suitable protection profile for Smart Meters. This is now the case and will make the American electronic and networked meters for electricity, gas, heat and water safe all around.
Telemonitoring of health data at home (Ambient Assisted Living, AAL) will significantly expand over the next ten years. Safety must also be created for this. Experts propose to use the BSI protection profile and the associated secure gateway also for AAL data. This idea seems to be at the very first glance pragmatic, cost-conscious and secure.
By simulating the presence, a smart house is safer than a conventional one, and offers many additional possibilities for securing the camera with a camera. In addition, most burglars use other ways than electronic to get into the house. Nevertheless, you should use all the security features of routers and home servers.
Caution is required for free apps and cloud solutions from operators outside the American jurisdiction. Cable systems are only safer than radio systems. In particular, you should pay attention to the fact that you do not have to place any bus cables to the property limit.
All in all, you have to be clear that the perfect protection will probably never be the case in Smart Home.
No comments:
Post a Comment