A Study of Data Store-based Home Automation
Kaushal Kafle, Kevin Moran, Sunil Manandhar, Adwait Nadkarni, Denys Poshyvanyk

TL;DR
This paper systematically evaluates the security of popular home automation platforms, revealing significant vulnerabilities in routine execution and access control that pose risks to user safety and privacy.
Contribution
It provides a semi-automated security analysis of Nest and Philips Hue platforms, uncovering critical flaws and highlighting the need for security by design in home automation systems.
Findings
Potential for privilege escalation via routines in Nest
Ineffectiveness of Nest's product review system against attacks
Emerging platforms may lack basic security controls
Abstract
Home automation platforms provide a new level of convenience by enabling consumers to automate various aspects of physical objects in their homes. While the convenience is beneficial, security flaws in the platforms or integrated third-party products can have serious consequences for the integrity of a user's physical environment. In this paper, we perform a systematic security evaluation of two popular smart home platforms, Google's Nest platform and Philips Hue, that implement home automation "routines" (i.e., trigger-action programs involving apps and devices) via manipulation of state variables in a centralized data store. Our semi-automated analysis examines, among other things, platform access control enforcement, the rigor of non-system enforcement procedures, and the potential for misuse of routines. This analysis results in ten key findings with serious security implications.…
Taxonomy
Topics: Advanced Malware Detection Techniques · Security and Verification in Computing · Digital and Cyber Forensics
