Skip to main content

The smart home hacking scene in Scream is possible, but you’re probably OK

Two elements combined to make this article happen. The first was that October was Cybersecurity Awareness Month. Second, smack-dab in the middle of the month, the first trailer for the new Scream movie dropped. It contained a scene that had us a little concerned. See if you can spot it.

Scream | Official Trailer (2022 Movie)

Obviously, we’re talking about the smart locks scene. All your locks in your home unlock, so you whip out your smartphone and re-lock them, only to see them all unlock again. The implication here is that Mr. Scary Killer person has hacked into their victim’s smart home account and can control all the devices throughout the home. Yikes.

As someone who doesn’t carry keys to his house because of all the smart locks, I was getting a little nervous. So I decided to talk to someone about it. I reached out to John Shier, senior security adviser at Sophos Home to talk about it. He gave me some good news and some bad news. I’ll start with the bad news.

Yes, this is possible. The good news is, it’s rather hard to do and the better news is, the chances of this happening to you are infinitesimal unless of course you also have someone who really wants to do you harm. But the honest truth is, there’s a good chance that enough of your data is out there that could make something like this possible.

LOLwut?

There are two things that combine to make this possible: Social engineering and data breaches. Separately, either of these can get an attacker enough information to hack your smart home. Together, it becomes even more possible. But you have to understand, when we say this is possible, we have to quickly caveat it by saying that it’s not very likely.

If you accept the idea of the movie that there’s a lot of planning and premeditation there, then this becomes a lot easier, which is to say it’s more plausible. The fact is, data breaches happen frequently and people often re-use email addresses and passwords for multiple services. Your password exposed from XYZ company (we’re not data-breach shaming here) could well be the same username and password that you use for your smart locks. Even if the password is different, the email address is a key piece of information toward other ways to hack your way in.

Before you ask, no, we’re not turning this into a “hack your way into your friends and family’s homes” tutorial. But suffice it to say that any information about you that has been exposed by one of these data breaches gets a potential wrong-doer a little bit closer to ultimately gaining access to your accounts. That can happen via social engineering or by using data exposed in breaches. Neither of which is trivial. “I think when we talk about IoT security at large, those are probably some of the biggest risks when it comes to having the devices fall out of your control,” Shier explained.

Social engineering relies on trickery which honestly may or may not work. If one decided to go this route, they have to be in a position where they can fool a user into giving up credentials. It was at this point in my conversation with Shier that I learned some surprising ways that one can easily set up a phishing site for that purpose. Again, this is not a tutorial, so I won’t repeat that here, but suffice it to say, sometimes the Internet just sucks.

The other route would involve sifting through millions of sets of credentials and finding a target, which depending on the breach may not be identifiable by name. A target might have the name John Doe, but their email address could be thunderkitty875@genericemail.com and there may be no way to associate those two very incredibly disparate pieces of information.

Hands typing on a laptop keyboard.
EThamPhoto / Getty Images

Sites like haveIbeenpwned.com can let you know if your email address has been a part of a data breach anywhere, but they also have the reverse effect. An attacker could gain the email address of a potential victim and use that site to see what data breaches they have been part of. From there, you can go download the data from the breaches and try the usernames and passwords. That is to say, nothing of an attacker gaining access to a potential victim’s email address and just sending password resets.

“You’re more likely to be monetized than stalked. [Criminals] are more likely to want to get your banking credentials and your personal information [for] identity fraud than for mucking around with your lights and your door locks,” Shier said.

The point of all this is, it’s very possible, and the data is out there to do it, but the likelihood of it happening to a random person by a different random hacker is remote. There’s a lot of work that has to go into breaking into someone’s credentials for their smart home. But it’s far more likely that whatever data is lost during a data breach is going to be used for monetization, whether that’s selling the data or using the data for identity theft.

It’s incredibly unlikely that the end result of a hacker breaking into a company is going to be a scene from a horror movie. But I suppose I have to concede that it’s not zero. I should also mention that identity fraud is itself a scene from a much more nerdy horror movie, but it’s also pretty terrible if it happens to you.

Stay ahead of the game

That being said, there are things you can do to help protect your data and keep your smart home secure. Shier speaks of identity hygiene such as using different email addresses and passwords from every site out there. If your data gets out, the damage will be minimal. Using one of the best password managers is a great idea as is enabling two-factor authentication where possible.

Another thing that Shier points out was to be sure that any default accounts or passwords that might have shipped with your smart home device are removed or changed. Some devices ship with a default “admin/admin” as a username and password, and sometimes users will create their own account without removing the default. Similarly, they’ll create a new password of their own without having removed the built-in password. Hackers can easily find out what those default passwords are and attempt some hackery with that information.

Stick with name brands. Off-brand and/or smaller companies have a tendency to come and go, and may not consider implementing software updates as critical as some of the more known and trustworthy brands. If you have a device that hasn’t been updated in a while, consider reaching out to customer support and find out what’s up with that. Software development is an ongoing process.

Google Nest Hub on top of table.
Image used with permission by copyright holder

Speaking of which, make sure to keep your smart home devices up to date. It’s not a bad idea to check for software updates periodically. Security vulnerabilities can crop up from time to time and more often than not they’re squashed quickly. But that only helps if you actually download and install the update.

So the good news is unless you have made someone really, really mad, you can continue to leave your house keys at home. Let’s be honest, if you’ve made them that mad, a regular deadbolt probably wouldn’t be much help anyway. But that’s not to say you can completely let your guard down. Be sure to regularly check for updates with your smart home technology, use password managers and 2FA, and most importantly, never, ever say, “I’ll be right back.”

Adam Doud
Former Digital Trends Contributor
Adam had been writing in the tech space for nearly a decade. When not hosting the Benefit of the Doud podcast, he can be…
Smart homes can save you money, but it goes beyond just monitoring electricity
Power X measures water, hot water, and electricity usage

Did you know you may have a huge battery in your basement or utility closet? I didn't. It's been hiding in plain sight there for years, and Power X wants to unlock its potential for you. I sat down to speak with Power X CEO Manuel Schoenfield who told me about it -- and it's an interesting idea.

Power X is a New York-based startup that wants to use smart sensors and artificial intelligence (A.I.) I to fix the way power is used today. We've talked before about smart home devices that can help you monitor your power usage. I looked at Sense about a year ago (almost to the day) and have since found it helpful at figuring out where my power was going. Power X will do something similar, but bigger in a few different ways.

Read more
Samsung may tease possible new TVs, smart home devices at March 2 event
Samsung's 8K Neo QLED showing a forest scene.

CES is typically the time and place where most big TV brands show off their latest and greatest models, Samsung might have been holding back this year. The company's TV division -- Samsung Visual Display -- has issued an invitation to an "Unbox & Discover" livestreamed event scheduled for March 2, where it "will share its vision for how the company’s latest innovative products are set to redefine the role of the TV through cutting-edge technologies, beautiful design, and impactful partnerships."

What exactly does this mean? There are a few possibilities. Given that Samsung used CES 2021 to announce its 2021 Neo QLED TVs, which use the latest mini-LED backlights, as well as its first MicroLED TV that doesn't require professional installation, it's unlikely that it's going to use this event to launch yet another kind of TV.

Read more
5 ways a smart home can help you prepare for Valentine’s Day
Amazon Echo dressed up for Valentine's Day

With Valentine's Day nearly here, you might be scrambling for ideas -- especially if you've put off plans until the last minute. The good news is that your smart home can help with Valentine's Day planning, whether you're trying to set the mood, prepare a delicious meal, or just keep that special gift safe till you get home.
Use smart lights to set the mood
For a truly successful Valentine's Day date, you have to set the perfect mood. Smart lights are the key to doing this -- after all, no one wants to eat dinner under harsh fluorescents. Candlelight is better, but if you don't want to light a bunch of candles (or you aren't allowed to because of your apartment's rules), Philips Hue can help.

Hue Labs has a feature called "candlelight romance" that causes your smart lights to flicker just like candles. It can create the same ambiance without the fire risk. If you have Philips Hue smart lights, just go into the app and activate this setting to use its features.

Read more