DALLAS, Ore. - It was like something out of the nerdiest horror movie of all time.
Thomas Hatley was sitting in his Dallas, Ore. home when the phone rang with some disturbing news - the voice on the other end had control of his home.
To prove it, the stranger turned the lights off and on as Hatley sat dumbfounded.
"It was a thrill and a chill at the same time," Hatley said Tuesday.
The caller was Kashmir Hill, a staff writer for Forbes Magazine.
She had discovered a serious flaw in the security system of so-called "smart homes" run by an automation system made by a company called Insteon. The technology allows users to control everything from lights and fans to hot tubs and garage doors from their computer.
Pretty cool, right?
But Hill found what she thought was a very simple way to take control herself. Calls to eight strangers around the country proved her right.
"It made it very easy for an intruder like me to get access," Hill said in an interview. "He asked me just to turn on and off the lights in the master bedroom."
Boom - on and off went the lights.
A self-described tech geek, Hatley immediately went to work password-protecting his system - a measure the company recommends all its customers do.
The problem, Hill said in her Forbes article, is that the system doesn't default to password protection.
"Their systems had been made crawl-able by search engines - meaning they show up in search results and due to Insteon not requiring user names and passwords by default in a now-discontinued product, I was able to click on the links, giving me the ability to turn these people's homes into haunted houses, energy-consumption nightmares, or even robbery targets," she wrote. "Opening a garage door could make a house ripe for actual physical intrusion."
Hatley, for one remains undeterred - albeit more cautious.
"Kids from the last generation, this generation, the next generation will dream about being able to talk to their house and have it talk back to them," he said.