Search CE Pro






Print  |  Email  |  Share  |  News  |  Follow on Twitter, Facebook, Google+ or RSS

Home Automation Systems Easily Hacked via Powerlines

X10 and Z-Wave home automation systems do not support encryption, according to researchers, and can be easily hacked via powerlines.


image

The X10 jammer was designed by researchers to hack home automation systems through power lines. (Photo courtesy of David Kennedy and Rob Simon via Wired.com)

Two researchers at DefCon in Las Vegas showed how they can hack into automation systems that run through powerlines.

According to Wired.com, the hackers showed how, using a sniffer device connected to the broadband network via an electrical outlet, they could manipulate 15 different neighbors' lights, HVAC and security systems that communicate via the powerline because those communication signals are not encrypted.

The hackers also showed how they were able to track the movements of 15 neighbors with automation systems inside their homes via their motion sensors and cameras, as well as jam signals for lights and alarms.

“None of the manufacturers have implemented really any security whatsoever on these devices," says Dave Kennedy, one of the hackers. "It's such an immature technology."

According to Wired.com, the hackers spent two months researching and designing their open-source tools to conduct the hacks. The hackers focused on x10 systems because that protocol "does not support encryption." They were also able to hack Z-Wave devices because the device they looked at did not have the AES encryption incorporated properly.

The hacking tools are being released to the public as the X10 Sniffer and the X10 Blackout, which jams signals to interfere with the operation of lights, alarms, security cameras and other devices, according to Wired.com. It may only be a matter of time before these devices are in the hands of burglars.




Subscribe to the CE Pro Newsletter

Article Topics

News · Product News · Home Automation and Control · Control Systems · Lighting · Security · Z-wave · X10 · Powerline Control · All topics

About the Author

Jason Knott, Editor, CE Pro
Jason has covered low-voltage electronics as an editor since 1990. He joined EH Publishing in 2000, and before that served as publisher and editor of Security Sales, a leading magazine for the security industry. He served as chairman of the Security Industry Association’s Education Committee from 2000-2004 and sat on the board of that association from 1998-2002. He is also a former board member of the Alarm Industry Research and Educational Foundation. He is currently a member of the CEDIA Education Action Team for Electronic Systems Business. Jason graduated from the University of Southern California.

17 Comments (displayed in order by date/time)

Posted by Joe  on  08/10  at  08:29 AM

thats what you get for going with the x10 or 2gig crap technology…(unsecured)

Posted by JohnA  on  08/10  at  10:07 AM

Love it: “It’s such an immature technology.”... well x10 is…

I would like to see them attempt a hack on some of the more robust systems out on the market.

Posted by paulcunningham  on  08/10  at  10:48 AM

@Joe - Zwave supports encrypted communication, but the product they tested didn’t implement it correctly. No reason to believe other “secure” products don’t have similar faults.

@JohnA - someone may already have successfully done so, and wasn’t nice enough to publicize it at a conference.

Posted by ditto  on  08/10  at  09:03 PM

nice copypasta bro

this ‘article’ should have just been a redirect to the actual wired.com page

sorry jason im sure you are a nice guy and all

Posted by don  on  08/11  at  09:37 AM

X-10 was invented in the early seventies. There were no “hackers” back then.

Welcome to the 21st Century.

Posted by paulcunningham  on  08/11  at  09:42 AM

@don: I beg to differ

“Bruce Sterling traces part of the roots of the computer underground to the Yippies, a 1960s counterculture movement which published the Technological Assistance Program (TAP) newsletter.”

“A hacker is a member of the computer programmer subculture originated in the 1960s in the United States academia, in particular around the Massachusetts Institute of Technology (MIT)‘s Tech Model Railroad Club (TMRC) and MIT Artificial Intelligence Laboratory”

Sorry, CEPro’s commenting system is a little broken with false-positives for spam, so no links - check Wikipedia.

Posted by sydney  on  08/11  at  01:09 PM

Dosen’t really matter, The X-10 Factory has closed it’s doors and all remaining inventory is what it is.

Posted by Steve Crowe  on  08/11  at  01:16 PM

here is our coverage of X10 closing: http://www.cepro.com/article/the_end_of_x10/

Posted by dantothe4thpower  on  08/11  at  01:56 PM

It’s a good thing absolutely no professional in the world uses Z-wave or X10

Posted by BobbyBrown  on  08/11  at  03:29 PM

Z-wave is the x-10 of RF.  The dumb dumbs out there will find this out the hard way.

Posted by etc6849  on  08/12  at  08:04 AM

There’s nothing wrong with Z-Wave or Zigbee for residential use.  Both are miles ahead of x10 and offer encryption.  They also have near zero transmission errors (unlike X10 over a powerline) assuming they are installed correctly.

However, there is one thing bad about Z-Wave: it offer’s customers a cheaper choice.

Since Z-Wave is about 1/5 to 1/4 the cost of hiring a “pro” and using a dealer only product, can you blame people for using Z-Wave when it works well?

In fact, Z-Wave thermostats are as low as $50.  Even companies like RCS make thermostats in the Z-Wave world for much less.

Posted by Retroboy  on  08/12  at  01:01 PM

Well my 2 cents X10 was born in the 70’s was the pioneer in my opinion, sadly it was never developed into something more current to deal with the current issues of today. I switched to Z-wave a long time ago beacuase of this, but lets give credit when its due.

Posted by Retroboy  on  08/12  at  01:10 PM

Oh I forgot to mention, and I don’t see it here, and please correct me if I am wrong, but as I understand it in order for this to work you would need to plug the sniffer in at the target house or building so that right there makes it a bit more difficult to implement.

Posted by paulcunningham  on  08/12  at  02:49 PM

@retroboy - not really. If you’re in a condo or apartment building, just plug into a hallway or utility closet nearby. Many homes have outdoor electrical outlets, or the neighbor’s house as demonstrated.

They also are developing a GSM-equipped sniffer so they can interface with it remotely.

Page 1 of 2 comment pages  1 2 >
Post a comment
Commenting is not available in this weblog entry.

Sponsored Links

  About Us Customer Service Privacy Policy Contact Us Advertise With Us Dealer Services Subscribe Reprints ©2013 CE Pro
  EH Network: Electronic House CE Ideas Store Commercial Integrator ChannelPro ProSoundWeb Church Production Worship Facilities Electronic House Expo Worship Facilities Expo