FIGURE 4-7. Text message alerting user when door is opened
It isn’t hard to imagine the amount of trust a family would have to place in a product to
depend on it to send an alert in the case of a physical intrusion. As such, it is important that
companies such as SmartThings architect security into the design and functionality of their
products. In the next few sections, we will look at scenarios that could put SmartThings cus-
tomers at risk, and how the issues can be mitigated.
Hijacking Credentials
As we’ve seen, the SmartThings app stores the user’s settings and customizations on the
external infrastructure available at graph.api.smartthings.com. This makes it possible for
external entities to take control of a user’s SmartThings devices if they are able steal or guess
SMARTTHINGS 95