The Security and Privacy of Home Automation Systems

Temitope Oluwafemi, University of Washington
Tadayoshi Kohno, University of Washington
Sidhant Gupta, University of Washington
Shwetak Patel, University of Washington

Background. With a projected rise in the procurement of home automation systems, we experimentally investigate security risks homeowners are exposed to by non-networked compact fluorescent lamps controlled by compromised Internet enabled home automation systems.

Aim. This work investigates the feasibility of causing physical harm – through the explosion of CFLs or the inducing of seizures by high frequency fluctuations - to home occupants through an exploited home automation system.

Method. Three distinct electrical signals were applied to two different brands of CFLs connected to Z-Wave enabled light dimmers until they popped or gave way.

Results. Three of ten CFLs on which we conducted our experiments popped, although not to the degree of explosions we expected. The seven remaining CFLs gave way with varying times to failure indicating process and design variations.

Conclusions. The results are both positive and negative. They are positive because it means it will be hard for an attacker to use the described methods to harm homeowners. On the other hand, the results are negative because it is apparently possible for an attacker to remotely compromise a non-networked light bulb.

Get the Full Paper.