Are smart-home devices and applications cyber-safe?

November 3, 2017

Sign up to free email newsletters

Download

Exclusive download: The smart door locks report 2018

Web-based smart-home control applications communicate with and control smart household components like thermostats or lighting systems from your smartphone or PC.

The problem is that these apps are part of the internet of things (IoT) and communicate via the internet – leaving a potential security hole that must be carefully monitored and patched.

There are tens, if not hundreds, of devices and applications that promise to manage your home systems.

A few examples are Nest, which allows you to schedule Nest thermostat temperatures and monitor your energy usage; ADT Pulse, through which you can remotely operate your house alarm and receive status updates by text; and SmartThings Mobile, which communicates with the SmartThings hub to monitor and control all your smart devices.

These encompass the wide range of capabilities emerging in this fast-growing market, which is expected to rise from an installed base of 15.4 billion devices in 2015 to 75.4 billion devices by 2025.

WPA2

But how safe are these applications and devices?

Recently, the WPA2 data and network access protocol was hacked by Belgian researchers at KU Leuven University. Such hacks, which leave wireless usage vulnerable to recording and malicious observation, have opened a new discussion on the importance of protecting external access to internet-based home devices.

Many smart apps can be overprivileged, meaning they can gain access to processes that their functionality does not require

Research at the University of Michigan has also discovered that many smart apps can be overprivileged, meaning they can gain access to processes that their functionality does not require.

With the IoT expanding so quickly, many security experts are expressing concerns that safety precautions are falling by the wayside.

Reacting to this, the Atlantic council, working with three independent security researchers, has produced a report with the goal of creating the groundwork for the creation of new smart-home security measures. The council’s recommendations include increased security considerations during the design process – ‘security by design’ – remote updates and patching, transparent data protection methods and informed consent for data use.

Rather than simply wait for such measures to be introduced, it is entirely possible to make a smart home a cyber-safe home now. This starts with simple measures like proper password management in your applications, such as changing them regularly and avoiding easily guessed things like your date of birth and favourite football team, regularly backing up data and keeping software up to date.

From a business perspective, taking measures like installing a web application firewall and exercising a level of transparency with your regular users are integral to keeping smart-home applications and devices safe.

An application firewall will filter incoming traffic to a web application, allowing you to isolate and deal with attacks such as SQL injections, where an attacker injects hostile data into a website which can then trick the actioner into executing unintended commands and presenting unauthorised data.

Being transparent about security breaches is also incredibly important as this allows users to take steps to protect themselves should they be put at risk.

Smart-home control technology is still a fairly recent innovation and will inevitably encounter bugs and trips along its explosive development path. Several recent notable breaches bear this out.

However, keep your ear to the ground for newly discovered vulnerabilities, keep your apps up to date and pursue additional safety measures where required and you should never have an issue.

Free Download: Cybersecurity and physical security systems: how to implement best practices

If you are involved in the operation or maintenance of physical security systems, this resource from Vanderbilt will help you choose the right equipment for staying diligent. It provides a five step process for strengthening the resilience of those systems against cyber-attack, as well as explaining what cyber-attacks mean in an interconnected world.

Discover the five step process now by clicking here.

Related Topics

Leave a Reply

Be the First to Comment!

avatar
  Subscribe  
Notify of