Oh, what’s in a home, if not comfort and safety? But what if you could enhance these attributes? Just imagine getting comfortable in your bed and suddenly realizing you forgot to lock your front door. What if, instead of actually going downstairs to lock it, you could just stay in bed and press a “lock door” button on your smartphone? You could do that – if you had a smart home automation system in place.
Although it’s still in its infancy, this niche market is creating a lot of hype in the tech world. There are mobile apps available for both Android and iOS which can control just about every device or functionality in your home. And there are actual home automation systems you can install and create a home network of interconnected devices and appliances that you can control through your smartphone. According to research company HIS Technology, by 2018 there will be 45 million smart home devices used as part of home automation systems around the world.
Controlling all of your smart appliances through your smart phone sounds so convenient, doesn’t it? But what about security?
Smart homes powered by hackable systems and devices
At this year’s Black Hat conference, one researcher described how he found a major security flaw in the communication system of his hotel. The security hole enabled him to take control of the TV sets in all the hotel rooms through his mobile device. More alarming is that, over the last couple of years, other researchers have discovered similar flaws in existing home systems. In addition, a recent study by HP reveals that 70% of interconnected devices are vulnerable to attacks. HP reviewed 10 popular home appliances and devices including remote power outlets, TVs, home thermostats, and automatic door locks, and discovered 25 vulnerabilities per device.
70% of interconnected devices are vulnerable to attacks. [Tweet this]
Now, given the variety of home systems and devices on the market, vulnerabilities differ accordingly. However, most of them fall under the following categories:
Unsecured communications protocols used to connect smart appliances to other devices
Use of port forwarding to enable remote access to devices connected to the home system
Lack of data transport encryption, even for downloads of software updates
Poor authentication requirements for network control commands and lack of granular access permissions
Unsecured web interfaces and mobile devices used to control an entire home network.
By exploiting any of these types of vulnerabilities, skilled hackers can connect to home networks, reboot devices and control appliances – just imagine someone unlocking the doors to your home! Essentially, each of these types of vulnerabilities can turn a home automation system into a backdoor. And criminals can use it to install malware into a smartphone or computer to steal important data, or control home security systems to easily break into houses.
Home network security has to go full circle
Proper security should be integrated at every level of internet connectivity – from the protocols that enable appliances to communicate with each other, to the smart appliances and the mobile devices used by end users to control them remotely. While the end users can make sure they have security on their mobile devices, one cannot expect them to know and to fix every security issue in their home network. This is the responsibility that vendors and systems integrators installing these home services should bear.
So, what’s to be done? Home system vendors should consider taking some steps towards solving the outstanding security issues mentioned above.
1. Be proactive. Not only should they take note of industry research findings and fix encryption, authentication and port forwarding issues, but they should also do proper security testing at every internet connectivity level on a regular basis. By being proactive they may spot vulnerabilities themselves and fix them in due time.
2. Look at the whole picture. Even if home automation systems are fully secured, hackers could still break in by leveraging users’ unsecured mobile devices. So home security vendors could also consider providing all-around security, i.e. antivirus protection at the device, gateway, and cloud level, including full scans of all the devices within a home and removal of any piece of malware found. Thorough protection against attacks on home systems will simply translate into user trust and confidence.
3. Educate users. Given the ever-evolving and increasing number of mobile malware, it is important that end users know what security threats they may run into while trying to control their home networks remotely. This will help them avoid having their mobile devices breached, and home systems vendors having to deal with a potential attack on their systems.
By checking all three points above, vendors can provide not only convenience through high-quality products but also 3x smarter security to their customers.