I’ve posted a fair share of smart locks here on Doobybrain. I like the idea of them — being able to unlock, lock, and give access to your home to people whether you are there are not is something I find really convenient. And it seems I’m not the only one. The business of smart automation of a home through tiny gadgets and accessories is a booming business these days, generating about $1.5 billion in 2012 according to this Forbes report.

I’m not surprised then to hear that the early versions of some of these smart automation products are easily hackable. I guess companies doing this have to go through some bad eggs before they perfect a product. Yes, sometimes it’s due to user error (not setting a password, etc.), but other times, it’s actually just bad programming and design on the product’s side.

It’s scary to think that with a simple Google search somebody might be able to find your smart home lock/unlock and on/off switches. That’s what Kashmir Hill did, and I’m sure it scared the people she randomly chose to do her experiment on.

Googling a very simple phrase led me to a list of “smart homes” that had done something rather stupid. The homes all have an automation system from Insteon that allows remote control of their lights, hot tubs, fans, televisions, water pumps, garage doors, cameras, and other devices, so that their owners can turn these things on and off with a smartphone app or via the Web. The dumb thing? Their systems had been made crawl-able by search engines – meaning they show up in search results — and due to Insteon not requiring user names and passwords by default in a now-discontinued product, I was able to click on the links, giving me the ability to turn these people’s homes into haunted houses, energy-consumption nightmares, or even robbery targets. Opening a garage door could make a house ripe for actual physical intrusion.