Why you need to worry about your smart-home’s security?

smarthomesecurity-e1445623963123

No one will argue that the Internet of Things (IoT) is the buzzword in today’s internet-driven world. From connected light bulbs to smart fridges and coffee machines, the IoT phenomenon is promising to change our lives in ways that weren’t imaginable a few years back.

But in tandem with becoming smarter, our homes are also becoming less secure, and the billions of devices that are being added to our hyper-connected world every year are creating countless new possibilities and attack vectors for hackers with malicious intents.

As the IoT continues it chaotic growth, is becoming more critical than ever. Hacked baby monitors, cars that are shut down remotely, and televisions that spy on you are just some of the stories that might give you the creeps and make you lose your trust in your own dishwashing machine and other home appliances.

I had the chance to talk to some of the experts in the IoT security field, and here are a few warnings you should consider if you already own IoT devices at home, or are planning to buy a new connected appliance.

In their haste, IoT developers overlook security considerations

While IoT is going through its “gold rush” phase, manufacturers are more concerned about shipping feature-complete products, and in their haste to avoid losing the competition, they’re prone to neglecting security issues. In a survey carried out by security firm Auth0, 85 percent of polled developers admitted to being pressured to rush an application to market despite security concerns. According to developers surveyed by Auth0, “IoT devices are often pushed to market too quickly, forcing developers to cut corners.”

Therefore, hundreds and thousands of vulnerable devices have already been installed in consumers’ homes, with hundreds more entering the fray every day.

A blog post by security expert Graham Cluley states that more than 200,000 IoT devices suffer from the Heartbleed bug, one of the most serious security holes discovered in recent years.

In another research led by security consulting firm SEC shows, millions of IoT products were found to use shared SSH and HTTPS keys, which make Man-in-the-Middle attacks a breeze.

Patching and updating IoT devices involves too much trouble.

The second point to consider is the mechanism needed to patch, update or re-flash IoT firmware once it is found to have a vulnerability. Since many gadgets are sorely lacking in this domain, their owners are left to choose to either dispose of the product or to keep it and live with the fact that there’s a vulnerable gadget in their home that can be compromised by malicious hackers.

As Mika Majapuro, the director of business at security tech-firm F-Secure, told me, “there is no way to manually install security products on your IoT devices. How would you install anything on your toaster?”

There’s also the issue of managing all these connected devices. Majapuro further elaborated on the issue by pointing out, “Many of these devices have a long life-cycle. If you buy a connected fridge, you probably want to keep it for several years. How will you know when a software update for your fridge is available?” You’ll probably have to check its vendor’s site for update. But then you have many of these devices in your home. Majapuro added a twist by asking, “What if your fridge vendor stops supporting the model you have or the vendor goes bankrupt?”

IoT devices give away your living habits

And by this, I mean more than those evil smart TVs that snoop on your watching habits and listen to your conversations. As a study by LGS Innovations points out, even when IoT devices encrypt their communications, hackers can monitor IoT network activity in your home to remotely figure out your daily habits, including the times you’re not at home (you know what happens after that).

And that does not account for individual devices being hacked. When I asked Dr. Paul Judge, co-founder of tech-startup Luma, about smart home security, he wrote, “IoT devices tend to hold your most personal information – like camera footage of your home, your health information, location and family info. If you do not address security for IoT devices, then every new device that you bring home has the potential to steal your identity and invade your privacy.”

IoT devices can enable intruders to access more sensible devices

IoT devices might not contain critical information per se, but they can allow hackers to access more critical information that can be found in your network.

Most devices are immune against intruders from outside your network, but they’ll likely trust a device that is in your local network. For instance a web server in your home network might not accept connections from outside, but will trust HTTP requests coming from within the home network.

As Majapuro told me, “Most hackers are not after your connected coffee maker. They are after your personal information, e.g. your banking information. Hackers might use your connected coffee maker as an entry point into your home network. Once in, they can try to get to you laptop and tablets and that way gain access to personal information e.g. banking and credit card information.”

Cybercriminals use vulnerable IoT devices to assemble their botnet armies

This might not directly affect your life, but it is a serious issue nonetheless. In case you didn’t know, one of the most famous types of cyber-attacks are Distributed Denial or Service (DDoS) attacks, in which hackers hijack a large number of devices called botnets, and use them to send countless requests to target servers in order to overload them and bring them down.

In days of yore (I mean ten years ago, maybe), such a feat could only be accomplished by compromising personal computers, which was a challenging task given that most users tend to install some sort of anti-virus or malware protection software on their PCs. But with a host of vulnerable IoT devices at their disposal (which have no means to protect themselves), hackers no longer need to go after desktop workstations and laptops.

Without knowing it, your smart fridge or connected light bulb can become a slave (or a willing member) of a dark botnet army, doing the bidding of some evil hacker who wants to ransom an unfortunate victim.

Conclusion

Ok, the threats involved in the IoT industry are freakishly scary, but the goal of this post wasn’t to convince you to change your mind and stick to the same dumb, decades-old appliances you owned before, you’re wrong. In fact, as the  , I’m always on the lookout for new gadgets and cutting edge technology, and I have quite a few smart things at home and  I see great potential in the future of IoT. And the tech community is already taking great strides to make sure  more secure and are used for the purposes they were made. F-Secure in particular will soon be shipping the SENSE box, which will be addressing the very issues raised in this post.

The point is, you need to assess the risks, identify the weaknesses, and plug the holes that cybercriminals might use to turn your dream home into a nightmare. I will be addressing IoT security in future posts and offer guidelines and advice for improvements. In the meantime, if you have any questions, suggestions or innovative ideas on IoT security, please leave a note below, or contact me.

FEATURED IMAGE: MACROVECTOR/SHUTTERSTOCK (IMAGE HAS BEEN MODIFIED)

Advertisements

29 comments on “Why you need to worry about your smart-home’s security?

  1. […] I’ve mentioned in previous posts (here and here), the IoT industry is full of security holes, inherent from the fact that it’s a […]

    Like

  2. […] I’ve mentioned in previous posts (here and here), the IoT industry is full of security holes, inherent from the fact that it’s a […]

    Like

  3. […] realized without the security and privacy controls to go with it. There are many reasons for you to worry about your smart-home’s security, because insecure IoT device will effectively enable malicious hackers to remotely monitor your […]

    Like

  4. […] But while IoT gadgets have the power to make our homes smarter, they also have the potential to make them less safe by introducing new attack vectors for hackers to target us and make our lives a living […]

    Like

  5. […] But while IoT gadgets have the power to make our homes smarter, they also have the potential to make them less safe by introducing new attack vectors for hackers to target us and make our lives a living […]

    Like

  6. […] But while IoT gadgets have the power to make our homes smarter, they also have the potential to make them less safe by introducing new attack vectors for hackers to target us and make our lives a living […]

    Like

  7. […] so many vulnerable IoT gadgets at large, there are many reasons for you to worry about your smart-home’s security. And with IoT devices multiplying at a chaotic pace, you’ll soon be hard-pressed to control and […]

    Like

  8. […] noted in Ben Dickson’s blog, much of the worry stems from the fact that Things on the IoT may be smart, but they are not […]

    Like

  9. […] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

    Like

  10. […] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

    Like

  11. […] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

    Like

  12. […] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

    Like

  13. […] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

    Like

  14. […] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

    Like

  15. […] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

    Like

  16. […] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

    Like

  17. […] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

    Like

  18. […] issues is not, because it is spilling tons of private data online, is threatening to open up security holes in places never imagined previously, and can even compromise the health and threaten the lives of consumers in some cases. All of these […]

    Like

  19. […] and unprecedented opportunities offered by the Internet of things (technology operations) through serious security and privacy tradeoffs , which became the focal point of attention to the technology industry in recent months. […]

    Like

  20. […] just so much that needs to be fixed. I’ve written about consumer-level solutions that help address IoT security issues in home networks. I’ll be tackling this issue again in my future […]

    Like

  21. […] Of special concern are smart homes, which are lacking the IT security infrastructure that organizations and tech firms are equipped with, house some of the most vulnerable devices, and can become attractive targets for malicious actors. […]

    Like

  22. […] several tech firms are drawing on this to offer solutions that enhance IoT security, especially in smart homes, where there are no defined security standards and […]

    Like

  23. […] several tech firms are drawing on this to offer solutions that enhance IoT security, especially in smart homes, where there are no defined security standards and […]

    Like

  24. […] several tech firms are drawing on this to offer solutions that enhance IoT security, especially in smart homes, where there are no defined security standards and […]

    Like

  25. […] several tech firms are drawing on this to offer solutions that enhance IoT security, especially in smart homes, where there are no defined security standards and […]

    Like

  26. […] several tech firms are drawing on this to offer solutions that enhance IoT security, especially in smart homes, where there are no defined security standards and […]

    Like

  27. […] several tech firms are drawing on this to offer solutions that enhance IoT security, especially in smart homes, where there are no defined security standards and […]

    Like

  28. […] several tech firms are drawing on this to offer solutions that enhance IoT security, especially in smart homes, where there are no defined security standards and […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s