Dave Kennedy (ReL1K) presented this talk at last summer’s Defcon 19 conference demonstrating the relative insecurity of home automation devices, such as X10, HomePlug and ZWave modules, which communicate either locally over power lines or via RF in the ISM bands.
The presentation covers usage of the Teensy Arduino-based device to emulate a keyboard when plugged into the target computer. Due to the memory limits of the Teensy, they present methods to reduce the size of the malware payload. Sniffing of power line X10 codes and interpretation of the data is also covered.
Code for the exploits described in this video can be found in the Social-Engineering Toolkit downloadable from SecManiac.