The Internet of Things is infiltrating the home. A plethora of connected devices are currently available for consumer use that are intended to make the most basic, everyday processes smarter and more intuitive. In fact, CNET just recently compiled a list of the top smart-home devices in 2015. It includes smart thermostats, smart light bulbs, a do-it-yourself smart security kit, smart outlets, a smart lock and more. These are only some of the basic household items that have been infused with connectivity. Big-name retailers such as The Home Depot have already updated online stores with official smart home sections for shoppers. Garage door openers, security systems, sprinkler sets and household appliances with connected features are being manufactured and sold.
According to Part 1 of Trend Micro's, "The Smartification of the Home" report, manufacturers and developers of hardware for the home are under pressure to create convenient products that are also energy efficient and secure. Part 2 of the report states that this has resulted in broadband providers offering service-package add-ons specifically for smart home technology. Exactly how widespread the adoption of smart home technology will be remains to be seen, but so far its been fast out of the gates.
What's the catch?
The potential for convenience in the smart home is nearly unlimited. However, so is the potential for cyber crime and new privacy violations. A recent article by Forbes contributor Kalev Leetaru honed in on the potential cyber threats that can sneak into the home via newly connected devices. Much of the consumer technology that will be connected via the proliferation of the Internet of Things will live in the home. Leetaru gave the examples of baby monitors, smart television sets and home security systems as new sources of data aggregation, and new gateways for cyber crime.
For smart devices to function intuitively, many will have to be integrated with Web cams and microphones, and maybe even facial recognition technology. Part of making devices "smart" is giving them the ability to anticipate the needs of a user and more readily serve a function via intuitive commands – voice, motion sensor, etc. In order for this to be achieved, the connected device must gather information, often in the form of voice and video, and in the most intimate user setting of all: the home.
This raises several concerns, the fist being privacy. According to Leetaru, certain brands of televisions may actually stream private conversations and send them back to the developer in an effort to enhance voice recognition and command features. Other forms of home technology can be accessed in a similar manner, so that legitimate developers can deliver enhanced products. For obvious reasons, many consumers will find this off-putting, partly because of concerns about privacy, but more importantly, because of concerns about who else might be listening. It's one thing when the developer of the technology has remote access to a device, but it's another entirely when an unauthorized user, such as a hacker, does.
Scoping out threats and mitigating risks
The first step to improving security in the smart home is scoping out threats. According to Trend Micro, there have been cases in the past in which a product's default settings can result in privacy violations. The example cited was an incident in which Foscam's IP cameras were being exploited for eavesdropping. The company has since taken steps to remedy the situation, but the fact that it ever happened highlights the importance of user awareness regarding the capability of smart technology.
Enter strong authentication. Many services to the smart home will typically be cloud-based and account access for these devices will use password verification. This means that anyone with access to these login credentials can potentially manipulate a smart home product or service. In theory, a remote user could therefore control the smart lighting system in the house, or open a garage door, or even shut down a smart security system. It's as easy as installing the service application associated with the smart product and logging into an account.
As if this wasn't scary enough, Trend Micro notes the existence of the Shodan search engine, which is an immense database of all the Internet-connected devices, and the associated risks with such devices. This includes the issue of users not changing default passwords – a huge no-no in the age of the IoT. Strong passwords with numbers and special characters are an absolute necessity in the smart home, and they must regularly be updated to mitigate the risk of unauthorized access to connected technology.
Other factors to consider when it comes to securing the smart home is ongoing patching that identifies and secures new vulnerabilities. Trend Micro notes that this task falls on the shoulders of smart device vendors, who are responsible for creating a streamlined updating process and fluid user interface that makes customers aware of updates without confusing them. Likewise vendors must use encryption to ensure that all data sent and received within the household is secure. Users can do themselves a huge favor by researching known vulnerabilities in certain products and models prior to making a purchase.
From the perspective of the customer, being smart about smart home technology is the best way to ensure security. This entails being a conscious consumer, and setting up the proper cyber security safeguards. As the Internet of Things becomes embedded in home living, solutions such as the Smart Protection Network from Trend Micro can help weed out potential security threats before they even have a chance to knock on the door.