Smart home device security is widely overlooked

Modern society, in the U.S. as well as around the world, now relies on technology more than ever before, and there are no clear and present signs that this trend is going to slow down by any significant degree anytime soon, let alone pause in the near future. By extension, it stands to reason that cybersecurity would rise exponentially in importance.

To some extent, that’s exactly what has happened during the past several years. Despite the occurrence of quite a few high-profile cyber attacks within the last decade, information security occupies a role of considerable importance to many, even on the level of individual consumers. Consider how much more common two-step verification has become – it’s now an easily accessible option to Apple product users and those with Gmail accounts. Mobile banking and payment apps often employ it for password recovery and sometimes as a mandatory login process.

However, certain aspects of cybersecurity haven’t necessarily been viewed with seriousness equivalent to their gravity. Programmable and remotely controllable ‘smart’ home appliances, electrical grids and security systems, all of which are driven by the internet of things, often lack the protective measures that many computers and mobile devices employ, leading them open to a variety of malicious practices. Understanding this new threat on the horizon should be among the priorities of those interested in joining the IT and information security professions.

The smart home concept logically progressed from our existing reliance on technology and the internet. All things being equal, who can complain about concepts like programmable thermostats that learn different desired temperatures for separate rooms, and turn on the heat despite being miles from home, so the house is warm when you arrive? Or parents’ ability to check up on their little ones from work with connected baby monitors? In its layout of a typical smart home, CNN Money cited these household items as well as televisions, lamps, refrigerators, cars, and more.

Hackers with enough skill and dedication can crack nearly all consumer devices, even the more secure ones, but in so many cases these items don’t even make it particularly hard for these malicious actors. As explained by CNET, the vast majority of internet-connected home appliances receive default administrator passwords from their manufacturers, and leave changing these login credentials up to individual users. Those who choose to keep the original password expose themselves to any number of exploitations. The average person isn’t going to know where to look for a .PDF of a thermostat’s owner’s manual, but cyber attackers will, and once they have the login they can do as they please.

CNET noted that a multitude of hacked smart devices in households across the world served as a major conduit for one of the biggest recent cyber attacks. In October 2016, black-hat hackers seized control of smart homes by the thousands and used the false bandwidth the devices generated – most of them webcams – as a digital battering ram, known as a botnet. The hack hit the servers of major internet infrastructure provider Dyn. Facebook, Netflix, and many other sites experienced difficulties or shutdowns as a result.

On a more micro level, these flaws also allow someone with a bit of hacking talent and a grudge against another individual to mess with the workings of that person’s home, from the refrigerator to all of the house’s lights. The TV thriller “Mr. Robot,” which focuses largely on hacker culture and is often acclaimed for its verisimilitude, featured a minor scene exemplifying such mischief in its most recent season.

Many smart home users control their systems with apps that unite all devices under one function. Some of these include Amazon Alexa, Apple HomeKit, Nest, Belkin WeMo and Samsung SmartThings. Their security standards vary. Apple requires any developers wishing to integrate with HomeKit to meet rigorous guidelines, according to CNET, and thus is considered among the more secure products in its class, and Nest has rarely been hacked. Others, like Alexa and WeMo, are more open – the latter solely relying on Wi-Fi security – and thus much more vulnerable.

Smart homes will likely remain a rising trend, with MarketWatch projecting that North America will have 73 million connected households by 2021 – 50 percent of the continent’s homes. As such, security best practices for these systems are essential.

First and foremost, homeowners should never use the default admin password, and when creating original credentials, it’s wise to use a wide variety of characters. Multi-factor authentication also offers an additional layer of security. MarketWatch recommended that smart devices should have their own internet network, or be segmented from the other computers and devices onto a VLAN or VPN while remaining on the same modem connection. Finally, users must run periodic checks for software updates to smart home devices and platforms, so that they’re never left unprotected.

Recommended Reading

The difference between cybersecurity in Hollywood and reality

What we learned from infamous hacking incidents

Sources

RSA – 2017 Global Fraud & Cybercrime Forecast

CNN Money – Hackable House

Wired – Flaws in Samsung’s ‘Smart’ Home Let Hackers Unlock Doors and Set Off Fire Alarms

Tech Republic – 2017 Cybercrime Trends: Expect a Fresh Wave of Ransomware and IoT Hacks

CNet – How hackable are your smart home gadgets?

Market Watch – 7 ways to keep your smart home from being hacked