We address security vulnerabilities for a smart thermostat. As this kind of smart appliance is adopted in homes around the world, every user will be opening up a new avenue for cyber attack. Since these devices have known vulnerabilities and they are being managed by non-technical users, we anticipate that smart thermostats are likely to be targeted by unsophisticated attackers relying on publicly available exploits to take advantage of weakly protected devices. As such, in this paper, we take the role of a 'script kiddy' and we assess the security of a smart thermostat by using Internet resources for attacks at both the physical level and the network level. We demonstrate that such attacks are unlikely to be effective without some additional social engineering to obtain user credentials. Moreover, we suggest that the vulnerability to attack can be further minimized by simply reducing the use of remote storage where possible.