Hacked at home

Household appliances are getting so “smart” these days. You can control the temperature of a smart oven using an Android app. With a smart thermostat, you can adjust home temperature while traveling. Smart light bulbs will brighten or change colors through a tablet app, and smart TVs stream movies directly from the internet. There’s even a $5,686 smart toilet that flushes automatically or by remote. (A lever was too much trouble?)

Many such devices are considered “smart” because they operate using the internet or home wireless networks. And therein lies the problem: As more household products go online or on Wi-Fi, they heighten the possibility some homeowners will be hacked, either by sophisticated burglars or mischievous neighbors.

Security researchers at Black Hat, a hackers’ conference in Las Vegas this summer, drove home the point by demonstrating how they could easily hack into wireless home devices. They explained how to open a garage door, disarm a security system, and unlock a dead bolt simply by tapping into a wireless home network hub.

“If someone breaks into your house and there’s no sign of forced entry, how are you going to get your insurance company back?” asked Daniel Crowley, a Trustwave Holdings security consultant who revealed the dead bolt glitch at Black Hat.

Other security researchers at the conference explained how they could hijack a Samsung smart TV using a computer virus, either attached to an email or downloaded through the TV’s Web browser. The virus would allow them to activate the TV’s camera to spy on a homeowner in his own living room.

After the researchers informed Samsung of the security flaw, the company issued a software patch to fix the vulnerable TVs. But other, undiscovered ways to hack into them may exist. In a statement, Samsung said worried customers could adjust the camera so the lens is covered—or they could “unplug the TV from the home network when the Smart TV features are not in use.”

It seems that manufacturers, in their rush to sell cutting-edge products, sometimes include only elementary security measures that a person with technical know-how could easily crack. The $5,686 toilet, made by Lixil, a Japanese company, uses wireless Bluetooth signals to flush, spray a bidet nozzle, or activate an air dryer. Because the security PIN is set by default to “0000,” any nearby prankster could download the toilet’s Android app and wirelessly tap into the controls.

Of course, a serious criminal wouldn’t be interested in commandeering a toilet. And it would take a smart criminal to unlock a smart dead bolt or fire up a smart TV camera. But with those possibilities out there, some might decide to hang on to their dumb fridge a while longer.

Smoke signals

A new “intelligent knife” can tell the difference between healthy cells and cancerous ones—in the middle of surgery. As a surgeon cauterizes malignant tissue, the iKnife sucks up and analyzes the smoke, indicating in real time whether the tissue was cancerous. The knife could reduce the chance that a surgeon accidentally leaves cancerous cells behind, especially during brain surgery, where the cancer can be difficult to spot. —D.J.D.