Blog: Internet Of Things
Breaking up is hard to do… with IoT
Is the very tech that is supposed to protect you actually exposing you to your ex?
I was contacted by a journalist a couple of months back. They had seen our previous research in to Wi-Fi PSK disclosure from the smart doorbell, which was quickly fixed by the vendor.
However, the journo was investigating a report that a former partner still had access to their ex’s doorbell. Various messages had been sent to the ex, which indicated that they were watching the video and speaking to the ex through the doorbell. Creepy and disturbing!
The person had already taken steps to limit access to the account, changed their Wi-Fi key etc. Yet, the ex partner still had access.
It transpired that there was a bug in the Ring doorbell that made it impossible to revoke certain types of high privilege user accounts. Ring stated that it could only be fixed by physically replacing the doorbell itself. Wow!
In fairness, Ring took swift action, fixed the bug and replaced the doorbell for free. However, had the journalist not got involved, would the stalking issue ever have been properly exposed and resolved?
Smart door locks
Smart door locks are a great way of managing access without having to change the locks. Problem is, sometimes they have security flaws that mean anyone can unlock them.
Whilst many of the smart locks on the market are secure, we exposed issues in the pairing process with one lock.
Exploiting this particular issue would mean leaving a battery powered listening device nearby the house and waiting for the ex to re-pair the lock, but that’s well within the bounds of capability of a stalker.
Read on for other ways to exploit smart locks through home assistants
Security cameras and home alarms
You’re concerned about stalking or perhaps you’re just feeling a little less safe now that there is only one of you in the property overnight.
If you have a smart alarm system, make sure you’ve revoked your ex’s access to it.
Maybe you put up some security cameras. Many of the cameras we’ve looked at have had serious security issues. The supply chain for these devices (original device manufacturer, brand owner, cloud service provider, firmware author etc.) is so complex that security flaws creep in.
Security is so varied that it’s almost impossible to state whether a particular camera is secure or not.
We’ve found wired network security cameras that could trivially be accessed from the internet. Your footage could be viewed by anyone, not just your former partner!
We’ve found wireless cameras that could be accessed too, exposing your Wi-Fi keys to attackers in the local area as well as your footage.
If you don’t have network security skills, you would do well to assume that someone might be able to access your camera video stream. Think carefully about where you point cameras.
A good start would be to check that all your cameras and smart app are updated to the very latest software version.
What should you do if you split up from a partner who you shared tech with?
Let’s start with some basics
Change your Wi-Fi password. It’s easy to do, just search online for the method.
Yes, it can be time consuming to change the Wi-Fi key on all of your smart devices, but do you want an ex spying on you through your tech?
Change the admin password on your ISP router. Again, search online and set a strong password for your router. That’s good practice and will ensure that a tech savvy ex can’t redirect your internet traffic to see what you’re up to.
Change any passwords to shared accounts, or accounts that you both used. What about Amazon – did you use Prime Video? It might not seem like much, but do you want your ex to know what TV and movies you were watching?
Maybe you shared an account to keep costs down and they had access from a tablet or mobile? They may be able to charge your account for access to premium content.
You may have given them access so that you only had one Prime subscription, perhaps to keep delivery charges down. Do you want them to be able to randomly order you something expensive and charge it to your account?
Same with Netflix – go through your account and revoke access to devices that aren’t yours.
Amazon Echo, Google Home, Apple HomePod and smart assistants. Check that your ex doesn’t still have access to any of your accounts. Change the relevant passwords.
However, a stalking ex will have little concern about strolling up to your house whilst you’re out and speaking (even through a closed window) to your home assistant.
‘Set a recurring alarm for weekdays at 3am’
‘turn the heating up’
Seriously consider muting the microphone when you’re not in the house.
As with your security cameras, software updates often fix security flaws. If you don’t update your mobile apps and smart device software (usually called ‘firmware’) then you may have known vulnerabilities in your system that are easy to take advantage of.
Take the opportunity to ensure that everything in your home is up to date and re-check every once in a while. If you get alerts to the availability of updates, take action immediately.
We haven’t touched on broader good practice such as checking security settings and changing passwords on email, social networks, bank accounts, credit cards and the like. There are plenty of good guides that cover this already.
However, it’s critical that you review the smart technology in your home in the event of a relationship ending. Even an ex that isn’t tech-savvy could use a bug like accessing a video doorbell to stalk you.
You would probably change the door locks on your home in the event of your partner moving out. You should seriously consider changing your smart locks too.