A Security Analysis of Wireless Smart Home Technologies

Hansson, Niclas, Lantz, Alexander, Fischerström, Ludvig

January 2015

The use of electronics connected to local networks and the Internet is growingall the time. Nowadays you can control your electronics in your house even when away from home, which opens up for potential security threats. The purpose of this report is to point out the potential risks with connecting home electronics to the Internet and to shed light on what security mechanisms that are needed in these kinds of systems. This report contains a theoretical part in which relevant material has been summarized. This material includes the smart home solution Tellstick Net and the wireless technologies ZigBee and Z-Wave, which are commonly used in home automation. The Tellstick Net system was mapped out and a risk analysis with attack trees was performed. After the analysis of the system, the implementation of two potential security threats were attempted. The two attempted attacks were replay attack and cross-site request forgery. The replay attack was unsuccessful due to the way the system communicates and keeps connections alive. However, the cross-site request forgery was discovered to be successful in some cases. It depended on if the browser of the target supported cross-origin resource sharing, as that property protects against cross-site request forgery. Finally, the report discusses what impact the found security deficiencies have, what they entail and how they reflect on the need for security in smart technologies for the home.

Smart home technologies

Internet security

Internet of Things

Tellstick Net

Hemautomation

Olofsson, Gustav, Kareliusson, Johan, Sandell, Christofer

January 2013

Det problem som denna uppsats hade för avsikt att besvara var varför hemautomation inte används i fler hem. Genom resultaten från en enkät som distribuerades kunde slutsatsen att kostnaden för de befintliga lösningar som finns på marknaden idag inte låg i den prisklass våra respondenter ansåg rimlig. Författarna utvecklade då problemet och ställde sig frågan om en hemautomationslösning verkligen måste ha en så hög kostnad som de befintliga lösningarna har idag. För att belysa detta problem implementerades en egen kostnadseffektiv lösning där respondenternas mest önskvärda funktioner togs i beaktande och en testmiljö implementerades utefter dessa. Resultatet blev en hemautomationslösning med stor potential och med en betydligt lägre kostnad än dagens befintliga lösningar. / The problem this study intended to answer was why home automation is not used in more homes. The results of a survey that was distributed could conclude that the cost of existing solutions available on the market today is not within the price range our respondents considered reasonable. The authors then evolved the problem and asked themselves whether home automation really need such a high cost as the existing solutions today. To illustrate this problem, the authors implemented a cost-effective solution where respondents' most popular features were in regard. The result was a home automation solution with great potential and with a significantly lower cost than today's existing solutions.

Home automation

Remote home

Raspberry Pi

PHP script

Remote switch

TellStick

Temperature monitoring

Home scheduling

Home control

Digital home

Intelligent home

Smart home

Hemautomation

Hemautomatisering

Raspberry Pi

PHP skript

Fjärrströmbrytare

TellStick

Temperatursensor

Hemkontroll

Digitalt hem

Intelligent hem

Smart hem

Computer Sciences

Datavetenskap (datalogi)