Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:33 PM
Connect Directly

Power Hack Can Force Home, Office Blackouts

New free tools can be used to remotely force open doors, unlock windows, trigger alarms -- and turn out the lights

DEFCON 19 -- Las Vegas -- A pair of researchers here today unleashed free handmade tools that spy on and disable home-automation and business systems connected via broadband power lines.

Aside from providing broadband for home-automation systems, the so-called X10 and ZWave broadband-over-power technology is also used in businesses and process-control environments, exposing all communications over those protocols, says David Kennedy, who developed the open-source Social-Engineer Toolkit. "They are being widely used in businesses and a lot in access-control systems," he says. "We need to bring more exposure to this attack vector."

The tools -- which are now part of the Social-Engineer Toolkit Version 2.0 -- include the X10 Sniffer and X10 Blackout devices. The X10 Sniffer detects which devices are on the broadband power network, and can even track the movement of people in the house or office. The devices plug into a nearby outlet, such as a neighbor's home or an outside outlet on the building.

Kennedy and Simon also are putting the final touches on a single X10 hacking tool that both sniffs and disables lights or other devices via cell phone. The tool would allow an attacker to send a text message ordering a light to be turned on or off, or to jam or disable all systems running on the home-automation system.

"You could plug it into the next-door neighbor's outlet or at the [target] house, and it has sniffing and jamming capabilities," Kennedy says. "It sends you a text message saying these are all of the devices, and then you can send the device a text message with a 'kill' command."

The tool, which will be released within the next couple of weeks, also provides information on which device is turned on, or whether a window sensor is tripped, for instance, Simon says.

"All we have to do is walk up to the house, plug the device in, and it turns the lights out, none of the sensors work, and we walk out," Kennedy says.

The power-over-broadband hacking tools contain the so-called Teensie microcontroller device, programmed to emulate a keyboard, and an SD card soldered onto the Teensie.

The underlying problem is that X10 technology, which is also used for HVAC systems, motion sensors, electronic door locks, and cameras, has no encryption, so data is sent in the clear.

Kennedy says Zwave power-over-broadband technology supports AES encryption, but he and Simon have yet to find any devices that actually implement it. "It's possible to sniff those encryption keys when initializing the devices and inject packets," he says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-10-17
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field.
PUBLISHED: 2019-10-17
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.