The Smart Home Revolution: Risks and Opportunities

Smart devices are simply a part of the modern world. They keep you connected and even respond to your questions and needs. According to research from Metova, about 90 percent of homes have some type of smart device, with 70% of homes owning a voice-controlled system.^[1] This revolution of the home’s ability to be smart and connected presents both risk and opportunity for developers of the technology.

Consumers Drive Demand

Home automation is a trend on the rise for new homes and renovations. From lighting, to temperature control to security systems, homeowners want this technology, as it makes their life easier. They want to be able to change the settings of their home or turn something on and off with a tap or by voice. That is made possible by their smart devices, either from an app on a smartphone or voice activation to Google Home or Amazon Alexa.

Smart Devices Present Risk of Hacking

These consumer desires are changing the spaces in which people live. They want everything connected, and often overlook security. But they should still be wary, because IoT attacks increased by 280% in the first half of 2017 per a Gartner study.^[2] Most of this was due to the Mirai malware attack. Hackers are sophisticated in the 21st century, and there will be new viruses that come along. There’s also the threat of hackers using IoT devices in a Distributed Denial of Service (DDoS), too. The ZigBee communication protocol is another popular application by attackers, as it allows them to join the secure home network.^[3]

Looking for a Way In

Stories in the news often startle viewers with families sharing stories of baby monitors being hacked or other devices. Hackers aren’t interested in hearing your baby sleeping. It’s an entry into the network, where personal information can be found and swiped.

Much of what’s being researched and studied right now looks at each individual IoT device. However, the true smart home is built on interoperability, with an Alexa or Google Home device as the integrator. Homeowners tell Alexa to dim the lights and turn the AC up.

Integrated Systems Create Unique Risks

A study from the IoT/CPS Security Research at the University of Michigan looked at a connected system.^[4] The research found two major areas of weakness: excessive privileges and insecure messaging.

Applications have permission to take actions, and these privileges are grouped rather than individual. For example, an app could have permission to both lock and unlock a door, even if it didn’t need to do both. This comes back to the development of the system and its permission design. The study found that 55% of applications reviewed had more functions that it needed.

The communication between apps is also a source of risk. It’s very much like texting or IM’ing. Part of that information is secure like PIN codes or passwords. Back to the door lock example, the app may have permission to unlock it, but it also may communicate the pin code. These apps, again, have a vulnerability related to the design of the software.

Addressing Risk in the Integrated Smart Home

While risk is inherent in the smart home, so is opportunity. An integrated smart home has a lot of appeal to homeowners, which will only grow as technology becomes more sophisticated and less expensive. The key to addressing risk is in the design and configuration. Developers must think not just of digital assistants and their role in the infrastructure but how all the smart devices will integrate and work together.

This technology is actually very young, even though it’s hard for a significant portion of the population to remember life before smartphones. New technology is always evolving, and there are strides that can be made from the design standpoint. The crux of this problem is that smart homes focus more on convenience and not enough on security. There is a way to find a happy medium.

Applications should have permission limitations that help control what it’s allowed to do, and permissions should not be the same across the board. If the digital assistant is your control center, how it interacts with other IoT devices matters immensely. This creates lots of communications, which are another weak spot, so messaging between devices also needs to be encoded and protected.

Integrators Can Educate

For integrators of the technology, you have the power to educate users on secure configurations. Explain that, yes, Alexa can do tasks for you without putting you at risk. Just as with any other platform, data privacy can be determined by the user. Making sure homeowners understand this and providing recommendations is key.

How a smart home accesses and uses data dictates the risk. Design and configuration make the difference, which goes back to the application designers and the brands that install them. And while convenience is necessary, security doesn’t need to be compromised. Finding that ideal balance will make smart homes even smarter.

^[1] https://metova.com/infographic-the-connected-home/

^[2] http://www.gartner.com/newsroom/id/3185623

^[3] https://www.blackhat.com/docs/us-15/materials/us-15-Zillner-ZigBee-Exploited-The-Good-The-Bad-And-The-Ugly-wp.pdf

^[4] https://iotsecurity.eecs.umich.edu/