It's possible to hack a smart home, but you probably have nothing to worry about
Bad actors have taken advantage of smart home systems in the past. In 2021, South Korea experienced one of the most audacious smart home hacks in history, with more than 700 apartments being digitally breached. In 2023, a Ring camera was hacked and used to make inappropriate comments toward the homeowner.
Recommended Videos
Incidents like the latter occurred more frequently in the early days of smart home technology. In the intervening years, companies like Google, Ring, and others have made security a central focus for new products. While that hacking scene from 2022's Scream is technically possible, it's also unlikely.
But with that in mind, a new potential avenue for risk has emerged in the form of artificial intelligence. Last week, a new report demonstrated how researchers used Google Gemini to take control of connected smart home devices through malicious code hidden in a Google Calendar invite.
The event marked one of the only times (and potentially the first time) that this technique was used in a real-world attack. Dubbed 'promptware,' the attack method has raised concerns over the use of artificial intelligence in relation with smart home technology. However, many of those concerns are taken out of context and proportion. Is it a risk? Absolutely. Is it likely to happen to you?
We'll put it like this: If it does, you should buy a lottery ticket.
What is 'promptware?'
This specific hack was performed through a 'prompt-injection attack.' The attack hid instructions inside a Google Calendar alert masked as a run-of-the-mill invitation. Its intention was to lie dormant until a user asked Gemini to summarize their schedule for the day, and then trigger based on a common, mundane response like 'thanks' or 'sure.'
Once activated, the instructions would set off different devices within the home. It was a proof of concept; an actual attack would likely be less visible but could grant access to interior devices like cameras and speakers, or could open a backdoor to access information stored on the devices.
What makes promptware a greater threat is that traditional firewalls, antivirus software, and other tried-and-true methods offer no protection against it. Typically security software isn't designed to protect against this unique blend of automation and social engineering.
Social engineering itself has become a much larger threat in recent years. For those unfamiliar with the term, social engineering is the use of deception to manipulate someone into revealing private and/or personal information. Have you ever received a friend request on Facebook from an obviously false profile? That's a common first step. By creating a sense of trust through a familiar face and using the disconnected nature of the internet as a go-between, bad actors can prey on vulnerable targets.
While using Gemini to control your smart home is convenient, you can improve your overall smart home security by restricting what Gemini and other AI agents have access to. The researchers behind the promptware study specifically suggest limiting access to smart home controls and personal calendars.
What are the actual chances of a smart home being hacked?
Here's the thing: most 'hacking' attempts aren't hacking at all. They're phishing or another lower-level form of violation. Having your password stolen and used against you isn't a hack in the true sense of the word, and something like the prompt-injection attack used by researchers requires a lot of effort. The majority of bad actors want to gain access to steal personal information that can be used for identity theft or to make a few credit card purchases. Sometimes that information is gathered and then sold to third parties.
Hacking a smart home takes a lot of effort, especially as device security improves. Taking control of devices to turn lights on and off has more in common with juvenile pranks than it does with a coordinated effort to steal something. And unlocking someone's front door through a smart device, while a potential way to gain access to a home, is not a threat for the average person.
If you're wealthy and live in a large house, there could be a higher chance of being targeted for theft — but a lot of break-ins (around 41%) are crimes of opportunity, and most burglars live relatively nearby the homes they break into.
Unless you have wealth on display, most passers-by won't specifically aim for your home. That means keeping things subtle; no large TV boxes at the curb, no posting about new acquisitions on social media, etc.
If you have a smart home, then you likely have a security system too. Good news on that front: when questioned, roughly 50% of burglars said a security system would deter them from a home.
The truth is that nothing will stop a determined burglar, especially when the easiest method of entry is to kick down a door or break a window. But with most thieves targeting low-hanging fruit, a security system and smart home tech can actually serve as a deterrence. Your smart home is more likely to keep your home safe than it is to make it a threat.
If you want to take steps to protect your smart home, we have numerous guides on how to do exactly that.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Forbes
9 hours ago
- Forbes
Google Warns Gmail Users—Hackers Gain Access To Accounts
Google has confirmed that Gmail attacks are surging, as hackers steal passwords to gain access to accounts. This also means a surge in 'suspicious sign in prevented' emails, Google's warning that 'it recently blocked an attempt to access your account.' Attackers know this — that Gmail user concerns are heightened by security warnings, and they use this to frame their attacks. 'Sometimes hackers try to copy the 'suspicious sign in prevented' email,' Google warns, 'to steal other people's account information,' which then gives those hackers access to user accounts. If you receive this Google email warning, do not click on any link or button within the email itself. Instead, 'go to your Google Account, on the left navigation panel, click security, and on the recent security events panel, click to review security events.' If any of the events raise concerns — times or locations or devices you do not recognize — then 'on the top of the page click secure your account' to change your password. If you do click a link from within this email or any other email purporting to come from Google, you will be taken to a sign-in page that will be a malicious fake. If you enter your user name and password into that page, you risk them being stolen by hackers to hijack your account. And that will give them access to everything. This is the same risk as the recent Amazon refund scam, which texts a link for a fake Amazon refund, but which actually steals login credentials. The answer is twofold. First, never click any such link in a text message or email. And second, add passkeys to your Google, Amazon and other accounts to stop such hijacks. This exploitation of seemingly legitimate emails, messages and calls that perfectly mimic the content and style of the real thing has become an alarming theme in the last year. This also includes exploiting legitimate infrastructure to add authenticity. Beyond adding passkeys and shoring up two-factor authentication with something other than SMS, the key rule is never to use links to access accounts. Always use your app or the sign-in page you usually use in your browser. Account hijacks are painful, and while there are mechanisms to recover lost accounts, these can be time consuming and will not stop the content in your account from being stolen. It takes just seconds to secure your accounts — do that now.
Yahoo
9 hours ago
- Yahoo
Crypto for Advisors: Asian Stablecoin Adoption
Nations around the world are at differing stages of evaluating or establishing centralized bank digital currencies (CBDCs). In today's Crypto for Advisors newsletter, we look to the East, as Dr Sangmin Seo, chairman, Kaia DLT Foundation, compares and contrasts South Korea's closed and controlled CBDC strategy to Japan's open framework. Then, Patrick Murphy from Eightcap answers questions about how these changes will impact investors in Ask an Expert. – Unknown block type "divider", specify a component for it in the ` option What Are the Approaches of South Korea and Japan Towards Stablecoins After the passage of the GENIUS Act in the U.S., stablecoin projects, implementations and regulations are now a major subject of discussion around the world. South Korea and Japan are both having high-level and advanced discussions currently about how those stablecoins should operate. And how the private sector and governments should interact in regulating stablecoins. Central Banks in Korea and Japan differ in their approaches towards stablecoins and CBDCs: , or a central bank-controlled digital currency, is a blockchain-powered digital currency controlled by a central bank pegged to a real-world currency denomination. A stablecoin is typically issued by private enterprises. They are usually designed to have a value identical to real-world currencies. Japan: CBDCs can learn from stablecoins The Bank of Japan maintains a firm stance that CBDCs should only be used for interbank settlements. Private banks' issued stablecoins can be used for business-to-business (B2B) and business-to-consumer (B2C) transactions. The Bank of Japan and the Financial Services Agency have devised a stablecoin regulatory framework with a positive stance on the use of privately regulated stablecoins. While the Bank of Japan acknowledges the 'the potential of stablecoins as an efficient means of payment,' it also envisions co-existence with CBDCs and views the digital Yen as a complementary, rather than competitive, form of cash, with traditional finance. The Governor of the Bank of Japan, Kazuo Ueda, recently said, 'Stablecoins increase small international remittances, leading to risk diversification. With more high-frequency micropayments, it will be interesting to explore how CBDCs can play a complementary role.' Suggesting that private stablecoins could provide learnings for a CBDC design in terms of its payment efficiency. South Korea: Ambivalence but leaning towards private stablecoins This contrasts with the Bank of Korea's current ambivalent stance as to whether or not private stablecoins should be controlled by central banks, considering that they will potentially cause instability in domestic currency value or capital flight. It is crucial to understand that Korea has very tight capital controls on the currency system. However, South Korea's National Assembly has led the pro-stablecoin discussions by proposing three different Digital Asset bills to legalize KRW stablecoins. These bills came after President Jae Myung Lee pledged to create domestic stablecoins during the recent election campaign that concluded successfully in June. It is noteworthy that Korea's CBDC project was halted on 29 June 2025, following these stablecoin discussions. Image: Kaia As a result, many competing consortia from Web3, fintech, and the banks are all scrambling for a position to be part of any future stablecoin designs. Kakao and Naver, the largest IT enterprises in South Korea, have begun their stablecoin research task forces, filed trademarks, or formed an alliance group seeking potential partners. Circle, the USDC issuer, signed an MOU with Hana Bank, one of Korea's main banks, to lay the groundwork for a future stablecoin business alliance. Private South Korean banks have already begun positioning themselves as stablecoin businesses; the CBDC project was frozen in June. Nevertheless, South Korea has maintained a 'one bank for one centralized crypto exchange" regulation, blocking new market entrants. Therefore, many in the industry are keenly awaiting to see which of the three bills is adopted. Why Japan and South Korea's approaches matter for non-USD stablecoins Rather than benefiting the South Korean economy, the Bank of Korea and others argue that a Korean-won (KRW) backed stablecoin will not prevent capital flights from South Korea, as those stablecoins will not be widely used in global digital asset transactions like USD stablecoins. Despite these statements, the private sector could well have a prominent role in the creation of a South Korean stablecoin, especially as South Korea has the second-biggest retail crypto market. The interaction between the private sector and governments in regulating stablecoins, as well as how South Korea and Japan address these issues, particularly in balancing the mass adoption of stablecoins with adherence to Web3 principles, has implications beyond their borders. - Unknown block type "divider", specify a component for it in the ` option Ask an Expert Q: What is driving the shift in Asia to integrate blockchain technology into traditional financial systems? A: Asia's embrace of blockchain is a strategic pivot, moving beyond the speculative aspects of cryptocurrency to its potential as a foundational technology. Policy leaders across the region see that regulatory clarity is essential for sustainable innovation; examples such as Hong Kong's licensing regime for Virtual Asset Service Providers (VASPs) and Singapore's regulated DeFi and cross‑border payment pilots show this in action. This proactive approach creates the regulatory clarity and robust infrastructure necessary to facilitate secure on-chain transactions and more efficient cross-border payments, ultimately modernizing financial systems. Q: South Korea's new regulatory framework is a significant development. What are the key features, and what do they signal for institutional adoption? A: South Korea's new framework, formalized in the Digital Asset Basic Act (DABA), represents a major step toward institutional acceptance. Its key features, including comprehensive guidelines for stablecoins and the introduction of crypto exchange-traded funds (ETFs), are designed to create a more secure and defined environment for digital assets. Furthermore, the launch of a state-supported blockchain network underscores a strategic focus on building institutional-grade infrastructure. These developments collectively signal that South Korea views digital assets not just as a retail product, but as a legitimate part of the financial ecosystem, paving the way for greater institutional participation. Q: What are the key takeaways for financial advisors from Asia's evolving blockchain landscape, and what should they be monitoring? A: The developments in Asia, particularly in countries like South Korea, provide a clear roadmap for the future of global finance. Advisors should recognize that this trend signals a move toward institutional acceptance and the potential for new, regulated financial products. It is crucial to monitor developments in tokenized securities, which could fundamentally change how assets are issued, traded, and settled. Additionally, keeping an eye on new stablecoin regulations and digital Know Your Customer (KYC) frameworks is essential, as these trends could very well be a preview of the next evolution of capital markets globally. - Unknown block type "divider", specify a component for it in the ` option Keep Reading A recent working paper from the Central Bank of Malaysia (CBM) has identified XRP and bitcoin as potential 'alternatives to the current monetary and payment instruments'. The United Arab Emirates prepares for the rollout of the Digital Dirham CBDC. The European Central Bank aims to finish its digital euro testing phase by October 2025 Sign in to access your portfolio
Digital Trends
12 hours ago
- Digital Trends
Samsung's next Ultra tablet appears ready to outshine the iPad Pro
The current generation iPad Pro introduced a massive design makeover for Apple's slate, and in the process, the company also managed to make it the thinnest tablet out there. Samsung's next flagship tablet could match the waistline of the iPad Pro, quite literally, while adding a few extra goodies into the mix. What's on the table? As per leakster Ahmed Qwaider, who has a fairly solid track record with Samsung leaks, the upcoming Galaxy Tab S11 Ultra will only be 5.1 millimeters across. That's the same thickness as the 13-inch iPad Pro with the M4 silicon inside. There will be a few crucial differences though. Samsung's slate will reportedly feature a bigger 14.6-inch display. Notably, the boat-shaped notch housing two front cameras is gone, and it will be replaced by a smaller teardrop-shaped notch that is now home to a single selfie camera. Recommended Videos Just like the iPad Pro, Samsung will go with an OLED panel with a 120Hz refresh rate, 16GB of RAM, and 1TB of onboard storage. Other leaked specs of the giant Samsung tablet include an IP68-cleared build and two color options — silver and grey. How can Samsung shine? Samsung's upcoming tablet will reportedly offer 45W wired charging support, which is noticeably faster than the iPad Pro. Moreover, the Galaxy Tab S11 Ultra will supposedly feature two cameras at the back, unlike the single rear camera layout on its Apple rival. Another neat facility is the recessed magnetic slot on the tablet's metallic shell for keeping the stylus. It is also said to run the full suite of AI features that are available across Samsung's smartphones courtesy of One UI 8 with deep Google Gemini integration. As far as a launch date goes, Samsung has confirmed that the Tab S11 series will land in the second half of 2025.
