Are smart-home devices and applications cyber-safe?

November 3, 2017


Web-based smart-home control applications communicate with and control smart household components like thermostats or lighting systems from your smartphone or PC.

The problem is that these apps are part of the internet of things (IoT) and communicate via the internet – leaving a potential security hole that must be carefully monitored and patched.

There are tens, if not hundreds, of devices and applications that promise to manage your home systems.

A few examples are Nest, which allows you to schedule Nest thermostat temperatures and monitor your energy usage; ADT Pulse, through which you can remotely operate your house alarm and receive status updates by text; and SmartThings Mobile, which communicates with the SmartThings hub to monitor and control all your smart devices.

These encompass the wide range of capabilities emerging in this fast-growing market, which is expected to rise from an installed base of 15.4 billion devices in 2015 to 75.4 billion devices by 2025.

WPA2

But how safe are these applications and devices?

Recently, the WPA2 data and network access protocol was hacked by Belgian researchers at KU Leuven University. Such hacks, which leave wireless usage vulnerable to recording and malicious observation, have opened a new discussion on the importance of protecting external access to internet-based home devices.

Research at the University of Michigan has also discovered that many smart apps can be overprivileged, meaning they can gain access to processes that their functionality does not require.

With the IoT expanding so quickly, many security experts are expressing concerns that safety precautions are falling by the wayside.

Reacting to this, the Atlantic Council, working with three independent security researchers, has produced a report intended to lay the groundwork for new smart-home security measures. The council’s recommendations include increased security considerations during the design process – ‘security by design’ – remote updates and patching, transparent data protection methods and informed consent for data use.

Rather than simply wait for such measures to be introduced, it is entirely possible to make a smart home a cyber-safe home now. This starts with simple measures: proper password management in your applications (changing passwords regularly and avoiding easily guessed choices such as your date of birth or favourite football team), regularly backing up data and keeping software up to date.

From a business perspective, taking measures like installing a web application firewall and exercising a level of transparency with your regular users are integral to keeping smart-home applications and devices safe.

An application firewall filters incoming traffic to a web application, allowing you to isolate and deal with attacks such as SQL injection, where an attacker injects hostile data into a website that can then trick the application into executing unintended commands and presenting unauthorised data.
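The SQL injection case described above, as an added example that is not part of the original article: a query built by string concatenation beside its parameterised form, plus a simplified allowlist check standing in for a firewall rule. The table, the sample rows, the function names and the owner-name pattern are all constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """In-memory database with constructed sample data for two households."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (owner TEXT, name TEXT)")
    db.executemany("INSERT INTO devices VALUES (?, ?)", [
        ("alice", "thermostat"),
        ("alice", "hall-light"),
        ("bob", "alarm-panel"),
    ])
    return db

def devices_unsafe(db, owner):
    # Vulnerable: the input is pasted into the SQL text, so a quote
    # character in it can change the structure of the query itself.
    sql = "SELECT name FROM devices WHERE owner = '" + owner + "' ORDER BY rowid"
    return [row[0] for row in db.execute(sql)]

def devices_safe(db, owner):
    # Hardened: the placeholder keeps the input as a data value only.
    sql = "SELECT name FROM devices WHERE owner = ? ORDER BY rowid"
    return [row[0] for row in db.execute(sql, (owner,))]

# Hypothetical allowlist for owner names, a simplified stand-in for the
# kind of rule an application firewall applies before the app sees input.
OWNER_RE = re.compile(r"[a-z0-9_-]{1,32}")

def edge_filter_allows(owner):
    return OWNER_RE.fullmatch(owner) is not None

# Constructed hostile input of the textbook kind used to test for the flaw.
HOSTILE = "alice' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal :", devices_unsafe(db, "alice"))
    print("unsafe, hostile:", devices_unsafe(db, HOSTILE))  # leaks bob's device
    print("safe, hostile  :", devices_safe(db, HOSTILE))    # no such owner
    print("filter allows  :", edge_filter_allows(HOSTILE))
```

The filter rejects the hostile value before it reaches the application, while the parameterised query stays correct even if a filter rule is bypassed or missing.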

Being transparent about security breaches is also incredibly important as this allows users to take steps to protect themselves should they be put at risk.

Smart-home control technology is still a fairly recent innovation and will inevitably encounter bugs and trips along its explosive development path. Several recent notable breaches bear this out.

However, if you keep your ear to the ground for newly discovered vulnerabilities, keep your apps up to date and pursue additional safety measures where required, you should never have an issue.
