THESIS DEFENSE Department of Computer Science and Engineering, University of South Carolina Candidate: Aniqua Z. Baset Advisor: Dr. Wenyuan Xu Date: Monday, April 6, 2015 Time: 9:00am Place: Swearingen, 3A00 (Dean’s Conference Room) Abstract Modern Home Automation (HA) systems handle all aspects of daily home living. Security breaches in these systems, therefore, can affect the homeowners in various ways, ranging from creating harassments to causing physical harm. As HA systems become a common feature of modern households, the robustness of these systems against external attack demand a thorough study. In this work, we explore the vulnerabilities of the state-of-the-art HA systems and, study their potential effect on the privacy and security of the homeowners. We investigated the Control4 and SmartThings HA systems as typical representatives of the HA systems available in the market. The devices in these systems communicate wirelessly using the ZigBee protocol, a prominent wireless technology in the HA field. Therefore, our study and findings can be extended to a wide range of HAs in the market. We discovered several vulnerabilities in the systems that allowed us to execute eavesdropping, spoofing and DoS attacks. We observed that it is possible to infer the types, location and activities of the devices in the home exploiting the uncovered vulnerabilities, which may lead to tracking homeowners’ activities and routine. We were also able to control home devices by injecting spoofed messages. In the end, we discussed some defense strategies that can mitigate the security and privacy risks of the HA systems we studied as well as the HA systems in general.