In the rush to enter the smart home market, OEMs are inadvertently creating major security risks.
The global smart home market is expected to reach at least $40 billion in value by 2020. Perhaps not surprisingly, OEMs are inadvertently creating major security risks in their rush to market by shipping smart home products with inadequate security and unpatched vulnerabilities. As ABI Research Analyst Dimitrios Pavlakis notes, ignoring cybersecurity at the design level provides a wide-open door for malicious actors to exploit smart home products.
Nevertheless, an estimated 80% of IoT devices are vulnerable to a wide range of attacks.
For example, a connected home door lock is designed to collect and transfer data to the cloud about the entry and exit habits of family members. This can be exploited if the smart door lock device is compromised by cyber criminals. Similarly, a smart thermostat that collects usage data for real-time energy optimization must be designed to protect information from unauthorized access that could indicate a home is empty – making it an ideal target for burglars. Even connected baby monitors are vulnerable to digital intruders, as a number of horrified parents belatedly discovered when hackers spoke to their young children via compromised devices.
Common cyber security threats and attacks against smart home devices include data and theft, man-in-the-middle, device hijacking, Permanent Denial of Service (PDoS) and Distributed Denial of Service (DDoS).
In terms of the latter, a Denial-of-Service Attack (DoS attack) attempts to render a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Meanwhile, a Distributed Denial-of-Service attack (DDoS) sees incoming traffic (originating from multiple sources) flooding a target, making it difficult to stop the cyber offensive by simply blocking a single source. In fact, DDoS attacks doubled from 3% to 6% in 2016, primarily due to the lack of security in IoT devices. This isn’t surprising, especially as infected devices are forced to join vast botnet armies that execute crippling DDoS attacks.
There is obviously no shortage of threats targeting IoT endpoints. As such, connected smart home devices should be protected by a comprehensive IoT security solution (device to cloud) that does not disrupt an OEM’s profitability or time to market. A practical and simple, yet secure solution that can be easily and widely adopted by OEMs and services is more effective than a ‘super solution’ that will inevitably fail to gain serious traction. More specifically, a comprehensive IoT security solution should offer secure boot, mutual authentication, secure (encrypted) communication, as well as agnostic capabilities that are scalable and interoperable across multiple devices.
In conclusion, the widespread use of connected smart home devices has created an attractive target for cyber criminals and other unscrupulous operators. Smart home security should therefore be viewed as a primary design goal, rather than a tertiary afterthought. To be sure, consumers increasingly expect their devices to be protected out of the box, with seamless over-the air-updates (OTA) implemented securely. However, OEMs need to be assured that securing smart home devices is not an insurmountable goal that negatively impacts profitability or time to market. As such, smart home devices should be protected by a turnkey security solution that can be easily implemented, maintained and upgraded to meet the evolving challenges of a dynamic threat landscape.
We need better security measures for sure for almost everything connected.