Smart home devices have ushered in a new era of convenience, efficiency, and yes—security. While they certainly promise to make things easier for consumers, there are an increasing number of vulnerabilities associated with IoT devices, especially in the home. For some, the novelty of connected devices is not worth the risk, especially if there is no particular reason for connectivity.
Security has been an ongoing issue—in 2016, hackers from the University of Michigan and Microsoft managed to hack a smart home’s fire alarm, devising a secret pin to open the password-controlled door without so much as setting off the alarm. Often, connected devices like appliances are vulnerable to attacks because they’re not able to protect themselves via firewall or password.
While coded devices like doors and fire alarms are more likely to have a higher level of protection, they share a wireless network with devices that are vulnerable, creating a higher level of vulnerability for the entire house.
Image courtesy of Pixabay.
Hacking Your Home
The fear exists outside of science fiction novels of the year 2016—recent news is frequently inundated with would-be hacks and privacy pitfalls. On October 26, Check Point Software Technologies announced the discovery of HomeHack, a vulnerability that exposed users of LG SmartThinQ smart home devices to unauthorized remote control of their connected home appliances. Via the vulnerabilities, researchers logged in, took over actual LG accounts, and gained control of vacuum cleaners and integrated video cameras. Once in, they were able to control any appliance associated with the account, which included ovens, dishwashers, refrigerators, air conditioners, and washing machines and dryers. Potential hackers could then spy on users and turn machines off and on at will.
Check Point head of products vulnerability research Oded Vanunu believes that the focus of hackers is set to shift. “As more and more smart devices are being used in the home, hackers will shift their focus from targeting individual devices to hacking the apps that control networks of devices. This provides cybercriminals with even more opportunities to exploit software flaws, cause disruption in users’ homes and access their sensitive data,” he said.
Vanunu also cautions users to be aware of potential security and privacy risks associated with IoT devices and believes it is essential that IoT manufacturers focus on preventing these attacks through robust security systems, beginning with software and device design.
Image courtesy of LG.
The Newest Addition to the Smart Home Phenomenon
But perceived security risks don’t appear to be slowing companies down. In fact, Amazon recently announced the introduction of Amazon Key, expected to be out and fully functional by November 8. The service, exclusively for Prime members, allows Amazon delivery couriers to access your house when you unlock the door remotely. The company says the service will pave the way for the 1,200 or so other services they hope to provide, including house cleaning and pet sitting, in which the partnered service provider will access your home when you’re not there.
The service works like this: Amazon gives you a window of possible delivery time, the driver arrives and confirms that the package/location match by scanning a barcode that communicates with the cloud, you allow them remote access to your home, they enter and leave a package, or eventually, clean/walk dogs/water plants, etc.
If this sounds creepy, it is because it is. Amazon has attempted to quell privacy concerns by giving the accompanying Cloud Cam a few extra features—a green LED light that blinks while it records, only 24 hours of video storage on the cloud unless you pay for more, and encrypted video files. But these privacy features seem to exist more for the delivery and service people than for the consumer, who still has to deal with the reality of someone entering their home.
Image courtesy of Amazon.
More Than Just Convenience
In an editorial that piles criticism on the Amazon Key, and the greater machine that is Silicon Valley, Christine Emba, emphasizes that consumers expect more, especially in terms of privacy. She writes, “The thought process of Silicon Valley innovators are a curious thing. Many observers have noted that the most common proposals seem to fall into the category of ‘things that I, a 25-year-old man, wish that I could still get my mother to do for me.’ But even more eyebrow-raising is the fact that many of these ideas share a curious misunderstanding of the average person’s hierarchy of goods—what things matter to them, and how much. It may come as a surprise to those who are willing to live in Google’s parking lot and drink Soylent meal replacement instead of eating real food, but some of us care about more than just convenience.”
The Challenge for Engineers
The era of smart homes and proliferating connected devices places intense demands on the engineers who design and evaluate these systems. Products that previously had no security concerns whatsoever are now subject to malicious attacks, and increasing layers of complexity and interdependency may allow minor hardware or firmware flaws to create surprisingly serious problems. Design teams will need to consider new measures for ensuring that circuitry and code are robust against failures and hackers, and manufacturers will be expected to expand the availability of products and firmware libraries that have been designed with security in mind.