A Security Analysis of Wireless Smart Home Technologies

Abstract: The use of electronics connected to local networks and the Internet is growingall the time. Nowadays you can control your electronics in your house even when away from home, which opens up for potential security threats. The purpose of this report is to point out the potential risks with connecting home electronics to the Internet and to shed light on what security mechanisms that are needed in these kinds of systems. This report contains a theoretical part in which relevant material has been summarized. This material includes the smart home solution Tellstick Net and the wireless technologies ZigBee and Z-Wave, which are commonly used in home automation. The Tellstick Net system was mapped out and a risk analysis with attack trees was performed. After the analysis of the system, the implementation of two potential security threats were attempted. The two attempted attacks were replay attack and cross-site request forgery. The replay attack was unsuccessful due to the way the system communicates and keeps connections alive. However, the cross-site request forgery was discovered to be successful in some cases. It depended on if the browser of the target supported cross-origin resource sharing, as that property protects against cross-site request forgery. Finally, the report discusses what impact the found security deficiencies have, what they entail and how they reflect on the need for security in smart technologies for the home.