How to Hide Your Smart Home on the Darknet
Today, the Tor network can be used for a much more personal form of security: keeping hackers out of your smart toaster, cameras, and other smart devices. Back in June of this year, a Tor Project partner, the nonprofit Guardian Project (which supports and develops online anonymity), announced a special way to use encryption within the Tor network and “stealth” networks to protect the so-called “Internet of Things” or smart home devices.
This is a growing class of gadgets, from refrigerators and light bulbs to security cameras, that connect to the Internet to enable new forms of remote control and automation. As is well known, the rise of the Internet of Things has triggered a wave of various hacker attacks: from building botnets and hacking baby monitors to stealing your Gmail password through your refrigerator.
How Does It Work?
Guardian took a Raspberry Pi mini-computer and integrated it into an open-source smart hub called HomeAssistant, which acts as a “Tor Hidden Service.” What does that mean? These are Tor applications that hide the location of servers hosting darknet sites.
The result, according to Guardian Project director Nathan Freitas, is a much safer way to connect your smart home to the Internet while keeping it protected from potential digital attacks.
“This turns your Internet of Things hub into a hidden service.” β N. Freitas
In fact, this method not only turns your smart home hub into a regular Tor Hidden Service using onion routing and encryption. Instead, the smart home system uses a lesser-known Tor feature called an authenticated hidden service.
Tor relay computers cannot connect to the end device without entering a specific password, which Freitas describes as a “cookie.” “You can still access your baby monitor, but a potential hacker will have a hard time finding this device. If you add authentication, only people with this ‘cookie’ will be able to access your smart home hub.”
Setup and Limitations
This will make your smart home more secure, but it does require a complex and very precise setup. The system requires that any device with Internet access be connected to the Tor network and must include the correct code contained in a “relay file.” Setting up these files is the most tedious step in installing this system for your smart home.
By the way, the team has not yet tested this technology on iOS devices.
Using a Raspberry Pi is, of course, less convenient than commercial alternatives like Samsung SmartThings, Google Home, or Apple HomeKit, but it is the only way to hide your devices on the darknet and make things harder for hackers, who will likely prefer easier targets. Freitas also points out that commercial smart home setups require you to open parts of your home firewall for remote device access, or require you to trust the companyβs cloud setup that links remote and home devices together.
But these options can leave your gadgets open to vulnerabilities introduced by device vendors and make them visible to Internet scanning tools like Shodan.
Conclusion
Overall, this project is very ambitious and proves that onion routing can be used to protect smart homes. So far, there is no better solution for hiding home devices.