Home is where the Smart is

With the global smart home sector expected to be worth more than $53 billion by 2022, it’s more important than ever to understand the potential security threats these products can pose to users.
Author:
Publish date:
house home

Since home appliances were first invented back in the early 1900s, the tech world has worked hard to make them more efficient, easier to use, and smarter. It didn’t take long for science fiction to jump on the idea that we would not only see incredible feats of home automation in the future, but – as most of those stories went – something terrible would happen, the machines would rise up against their human overlords, and poor Janet would get eaten by her washing machine.

As the years went by, talking appliances became a reality, and the smart home market grew considerably. Back in 2013, Grand View Research reported that the global smart home industry was estimated at $13.07 billion. More recently, Zion Market Research revealed that the market was valued at $24.10 billion in 2016 and is expected to reach approximately $53.45 billion by 2022.

In reality, we’re unlikely to get eaten by our smart thermostat, or have Alexa override our locks to prevent us from going outside, a-la 1999’s Smart House, but with the growing collection of internet-connected devices in the home, there is a different type of threat in the form of cybercrime.

“When any new technology becomes predominant it always introduces new ways that it can be exploited and gives those who would seek to gain from an unsecure network new access methods, and smart homes provide a valuable target to focus on,” says D-Link’s European marketing manager Dhara Kothari.

“When real time communications became popular with families in the 90s and webcams became in vogue, this introduced a new way an attacker would be able to gather information. The same applies to smart home technology, only now the information they can gather is vast because we store data about our daily lives.”

Jonathan Whitley, WatchGuard Technologies’ area sales director for Northern Europe, points out that the reason smart home products are targeted is that IoT devices “are almost never designed with security in mind”.

“CCTV cameras, TVs, etc provide a launch pad for hackers to deploy DDoS attacks. Furthermore, unsecured IoT devices such as printers could well provide access to networks,” he warns.

The more connected devices there are in any one home can make things easier for hackers too, as Zyxel’s head of channel UK&I, Pete Hannah, puts it: “In a lot of homes now there is an increasingly growing number of connected devices, which makes it easier for cybercriminals to carry out attacks because the window of opportunity for them to do is opening wider all the time.

“There is currently no regulation on smart home devices either, which makes it easier still. If every single smart connected device on the market was sold only after stringent security had been installed in them, this would make the smart home a much safer place for consumers.

“Because of this, the onus currently lies heavily on the consumer to ensure these products are safe. Ensuring that all security features of the device are enabled, changing all log-in details and passwords as soon as the products are taken out of the box are all steps consumers can take to make their devices are safe as possible.”

Home Invasion

So what are some of the biggest threats that smart home users could face? Paul Lipman, CEO of BullGuard, notes “hacking and data loss” as top of the list.

“Many researchers have already proven how easy it can be to hack into devices that are already on the market,” explains Lipman. “Samsung’s SmartThings smart home platform was proven to be riddled with holes and the methods used to hack it were not complex. These vulnerabilities have since been patched but it illustrates how even well-known brands can still get it wrong when securing smart home devices.

“A significant part of the problem is manufacturers releasing products that are not well protected and expecting users to be security ‘experts’, for instance knowing how to find and apply firmware updates.”

D-Link’s Kothari notes that some of the biggest threats come from hijacking. “Potential cyberattacks like ‘man in the middle’ exploit allows an individual to effectively take over a device and use it for themselves. IoT has allowed us to connect and use devices in ways that were not possible before, but the same convenience we create for ourselves could also potentially be used against us.

“Imagine a scenario where a cybercriminal enters your home virtually, watching you on home surveillance, knowing where you store your valuables, being able to check when you enter and leave the house based upon schedules that you have set-up or wearable GPS devices, all performed remotely.”

WatchGuard Technologies’ Whitley agrees on how easy it can be for hackers to steal personal information, and even listen in on conversations and manipulate controls of these devices. “It’s not a nice thought to come home from vacation to find your heating on full, all the lights on and discover your credit card has been maxed out as hackers have been able to see your calendar when you’re away, control your smart tech and view your credit card details.”

Knowledge is power

While vendors will no doubt learn from these vulnerabilities and strive to create smart home products with more security, in the meantime, how can consumers gain the knowledge needed to keep their devices secure?

Like with many emerging consumer tech markets, the retailers selling the products are usually shoppers’ trusted advisors when it comes to understanding new products and making sure they’re cyber secure.

“It’s extremely important for retailers to be able to protect consumers from danger when they are buying connected devices, and they can do this by helping them understand the risks they are opening themselves up to when making their homes ever more connected. Not only this, but retailers should be helping consumers understand how best to protect their products, too,” says Zyxel’s Hannah.

“This is not happening enough presently, but it is something the entire retail sector needs to be better at. Some products on the market, such as Alexa, do come with good security measures implemented, but there are many products available to buy from online shopping sites which do not. Manufacturers and retailers also need to work together more closely, to ensure they are placing smart devices on the market which are as protected as possible.”

D-Link’s Kothari agrees that it is important everyone along the chain is knowledgeable about security risks that come with smart home products.

“It is vital that vendors, retailers and end-users keep up to date with the latest security updates for any new devices that they purchase. For the end-user, taking the time to understand the features of what they have purchased will help them to stay aware of how to keep themselves safe, such as devices with in-built firewalls.

“Vendors also have a responsibility to be aware of current vulnerabilities in internet protocols and ensure that the consumer is kept safe with regular security updates and bug fixes alongside new security technologies,” she says. “Purchasing the products from a well-established vendor with a strong security focus is the first step to keeping homes connected and protected from those who would seek to abuse them.” 

PCR's Sector Spotlight on Security - in association with BullGuard - is running throughout October - click here for more articles.

bullguard spotlight

Like this content? Sign up for the free PCR Daily Digest email service to get the latest tech news straight to your inbox. You can also follow PCR on Twitter and Facebook.

Related