Modern homes are becoming complex live systems in which virtually all functionality, from lighting and heating control to security and occupancy simulation, is mediated by computerized controllers, leading toward an IoT future. The smart nature of these homes raises obvious security concerns, and history has shown that a vulnerability in only one component may provide the means to compromise the system as a whole. Thus, the addition of every new component, and especially of new components with external networking capability, increases risks that must be carefully considered. In this paper we examine one of the most active open source home automation frameworks, Open Home Automation Bus (openHAB), which is used as a platform for many other IoT-supported devices. First, we go through the openHAB security architecture and supported features, followed by a static source code analysis of several of the most used openHAB packages (called bindings) and carefully crafted test cases that revealed many undocumented features of the platform. Next, we exploit security flaws by constructing two proof-of-concept attacks that: (1) cause a denial of service of the openHAB system; (2) inject a custom binding for message bus monitoring and control. We conclude the paper with security best practices for the design of custom openHAB bindings.