It seems that smart homes can be not that smart, according to an in-depth analysis by a group of researchers at the University of Michigan and Microsoft, which was reported on by Wired. The researchers performed tests on Samsung's SmartThings platform, which is used in hundreds of thousands of homes, based on the number of app downloads. They were able to use design flaws to their advantage, gaining access to connected devices, according to Wired.
Homeowners can be sent a phishing email, designed to look like it's coming from SmartThings support, and click on a link where they are asked to log in, giving their information to hacker, the publication said. Users can also be tricked into downloading malware, masquerading as an app designed to keep track of the battery life of the devices on a SmartThing's home network.
Once hackers have that information, they can disable vacation mode, a setting that turns lights on and off as if someone was at home, set off a smoke alarm, or find the PIN for a door lock and send it via text to the hacker.