Smart home systems must be secure by design across products and services and the entire supply chain if the industry is to deliver on its promises and meet ambitious market growth predictions, says a report published by Beecham Research. In its report, ‘Bringing Security in the Smart Home: Approaches and Opportunities’, Beecham Research says that while connected appliances such as entertainment, lighting, home security and heating systems are already finding their way into typical households, there is a very real concern about security and privacy, which is holding back wider adoption.
“Smart homes by their nature introduce connections between multiple systems at multiple touch points and create an intersection between many other systems, including vehicles, energy grids, media streaming and the cloud,” says Saverio Romeo, principal analyst at Beecham Research. “An exploitable vulnerability in the home could lead to more serious breaches in any of the systems it touches, which complicates the security landscape. Whereas traditional network security focuses on fortifying, protecting and monitoring small numbers of routes to the network, an IoT (Internet of Things) environment has too many routes to effectively and economically secure in the same way. So, while many smart home devices are designed to be secure, the connections between them are often not protected.”
The Beecham Research report defines three main areas of risk; end user expertise, new business models and pervasive and persistent insecurity. Many users of smart home technology are not experts and may compromise security through using default passwords, for example, allowing attackers to gain access to home networks and connected devices including PCs and laptops. The problem is compounded by traditional consumer and household product companies rushing to develop connected products and services without adequate security knowledge or expertise – graphically highlighted by the hack of Mattel’s Hello Barbie doll. And with the long lifecycles of home products such as washing machines, attackers have plenty of time to reverse engineer security systems and protocols with the help of manuals and documentation available online.
Beecham Research believes that these fundamental issues need to be addressed to deliver trust in smart homes, building on existing guidelines covering technology and policy along with services and customer support. Concerted efforts by the likes of the Allseen Alliance, Open Connectivity Foundation, Open Interconnect Consortium, the IoT Security Foundation and OWASP (Open Web Application Security Project) are a positive move, but require more attention.