Smart Home Devices Open New Vulnerabilities

By: Brad Russell

Key value propositions for consumers around the smart home are noted as more security, more safety, and easy management of home solutions for communication and controls in the home. Really, the promise of the connected home hinges on the security, safety, and simplicity of protecting this advanced technology from being exploited to harm households.

In 2017, the connected home market has experienced an expansion of the kinds of attacks that have been increasing in recent years. 

Attacks include:

  • Distributed Denial of Service (DDoS) attacks—like the largest-ever October 2016 Mirai botnet attack—will target devices where default password usage provides easy unauthorized access. Ransom attacks, using DDoS as a threat to an organization or ransomware targeting individual consumers, are predicted to continue seeking to extort payment by hijacking control of devices.
  • Permanent Denial of Service (PDoS) attacks, as known as phlashing, seek to destroy the firmware and permanently render IoT devices inoperable. Malicious impact without particular rewards has been enough motive for some hackers.
  • Man-in-the-middle attacks often exploit router or device setup vulnerabilities to gain access to data traffic moving to and from devices on the home network.
  • Phishing scams, increasingly difficult to identify, lure consumers onto fake websites that solicit their login credentials to fix an imaginary problem. According to The Anti-Phishing Workgroup, almost 100,000 email phishing attacks are reported each month. Thousands of people fall for them, divulging sensitive personal and business information in the process.

Investment in data privacy and security by stakeholders in the consumer IoT ecosystem has never been greater. However, vulnerabilities still exist and are highlighted in the news regularly. Parks Associates research finds that nearly one-half of consumers cite strong data security and privacy concerns related to Internet-connected devices. 

Inhibiting Adoption

Security concerns can inhibit adoption for the mass of consumers who need more confidence in connected products.  Whether security solutions are provided at the level of hardware, communication networks, control hubs, routers and gateways, or cloud platforms, these protections are vitally important to the success of IoT providers throughout the ecosystem.

Securing the connected home today is not as much a technological challenge as a product development, product management, and consumer behavior challenge. Current attacks largely focus on the low-hanging fruit of known vulnerabilities. Reliable security technologies and procedures are well-established for ensuring home network security, including best practices for securing routers and gateways, access management, data transport, and data storage at the local and cloud levels.

Many enterprise-grade processes that have been worked out over the years are being deployed in the home. Having product manufacturers and consumers adhere to recommended best practices appears hit-or-miss and future attack strategies require new solutions within IoT security architecture that is flexible and scalable. 

Product Development Challenges

Security and privacy planning is critical to the product development process. Tough decisions abound around the degree of investment into security-related strategy, hardware design, application design, networking protocol selection, platform build-or-buy strategy, integration with third-parties, cloud transfer and storage, and product testing.

Ultimately, the business model and company culture of the manufacturer serve as the foundation for these decisions. A focus on one-off sales of value-tiered devices produces minimally viable products that are a security threat to both the homeowner and the broader IoT ecosystem. On the other hand, deep investment in security by design and comprehensive support throughout the product lifecycle requires a business model that can offset these costs and still provide sufficient return on investment. A trade-off between cost and time-to-market also challenges companies throughout security planning and product testing. The consumer IoT market has seen startups and established manufacturers rush to ship connected products without sufficient knowledge of security threats or adequate plans for how long the product will live.

Another challenge resides in planning for the relationship map of a device and its data to an end customer. The enterprise segment typically has clear management of the user relationship to data, while the connected home provides complex challenges regarding mapping multiple users and their data to devices. This creates access problems and work streams with which many product manufacturers have little experience.


Latest Updates

Subscribe to our YouTube Channel