Smart Homes Controlled by Smartphones Need 3x Smarter Security

Posted by Emma Ban on 2014-10-09 16:21:00

Oh, what’s in a home, if not comfort and safety? But what if you could enhance these attributes? Just imagine getting comfortable in your bed and suddenly realizing you forgot to lock your front door. What if, instead of actually going downstairs to lock it, you could just stay in bed and press a “lock door” button on your smartphone? You could do that – if you had a smart home automation system in place.

Although it’s still in its infancy, this niche market is creating a lot of hype in the tech world. There are mobile apps available for both Android and iOS which can control just about every device or functionality in your home. And there are actual home automation systems you can install and create a home network of interconnected devices and appliances that you can control through your smartphone. According to research company HIS Technology, by 2018 there will be 45 million smart home devices used as part of home automation systems around the world.

Controlling all of your smart appliances through your smart phone sounds so convenient, doesn’t it? But what about security?


Smart homes powered by hackable systems and devices

At this year’s Black Hat conference, one researcher described how he found a major security flaw in the communication system of his hotel. The security hole enabled him to take control of the TV sets in all the hotel rooms through his mobile device. More alarming is that, over the last couple of years, other researchers have discovered similar flaws in existing home systems. In addition, a recent study by HP reveals that 70% of interconnected devices are vulnerable to attacks. HP reviewed 10 popular home appliances and devices including remote power outlets, TVs, home thermostats, and automatic door locks, and discovered 25 vulnerabilities per device.

70% of interconnected devices are vulnerable to attacks. [Tweet this]

Now, given the variety of home systems and devices on the market, vulnerabilities differ accordingly. However, most of them fall under the following categories:

  • Unsecured communications protocols used to connect smart appliances to other devices

  • Use of port forwarding to enable remote access to devices connected to the home system

  • Lack of data transport encryption, even for downloads of software updates

  • Poor authentication requirements for network control commands and lack of granular access permissions

  • Unsecured web interfaces and mobile devices used to control an entire home network.

By exploiting any of these types of vulnerabilities, skilled hackers can connect to home networks, reboot devices and control appliances – just imagine someone unlocking the doors to your home! Essentially, each of these types of vulnerabilities can turn a home automation system into a backdoor. And criminals can use it to install malware into a smartphone or computer to steal important data, or control home security systems to easily break into houses.


Home network security has to go full circle

Proper security should be integrated at every level of internet connectivity – from the protocols that enable appliances to communicate with each other, to the smart appliances and the mobile devices used by end users to control them remotely. While the end users can make sure they have security on their mobile devices, one cannot expect them to know and to fix every security issue in their home network. This is the responsibility that vendors and systems integrators installing these home services should bear. 

So, what’s to be done? Home system vendors should consider taking some steps towards solving the outstanding security issues mentioned above.

1. Be proactive. Not only should they take note of industry research findings and fix encryption, authentication and port forwarding issues, but they should also do proper security testing at every internet connectivity level on a regular basis. By being proactive they may spot vulnerabilities themselves and fix them in due time.

2. Look at the whole picture. Even if home automation systems are fully secured, hackers could still break in by leveraging users’ unsecured mobile devices. So home security vendors could also consider providing all-around security, i.e. antivirus protection at the device, gateway, and cloud level, including full scans of all the devices within a home and removal of any piece of malware found. Thorough protection against attacks on home systems will simply translate into user trust and confidence.

3. Educate users. Given the ever-evolving and increasing number of mobile malware, it is important that end users know what security threats they may run into while trying to control their home networks remotely. This will help them avoid having their mobile devices breached, and home systems vendors having to deal with a potential attack on their systems.

By checking all three points above, vendors can provide not only convenience through high-quality products but also 3x smarter security to their customers.

Subscrine to OEM Hub

Find me on:

Emma Ban

Emma Ban is a Content Writer at Bitdefender. Having worked in the industry for more than three years, in both B2C and B2B areas, she has a deep understanding of the online threats that put at risk the security of both consumers and corporations. Thus, her main focus is to provide insights into security technology trends that enable safe environments for companies and their employees. She thoroughly enjoys traveling and has a special interest in fashion technology.

Topics: OEM Business, Mobile Security, Network Security, Endpoint Security