A survey on smart home and cyber-security, entitled “Behind our Digital Doors: Cybersecurity and the Connected Home”, revealed among other facts that 67% of the respondents possess between 1 and 5 Internet connected home devices, while 30% have 6 or more devices and 5% of households have 11 or more devices.
The study belongs to Zogby Analytics, and was commissioned by ESET and NCSA. It was an online survey conducted on 1433 adults in the US.
Analyzing the reported results, SC Magazine concluded that the connected consumers are predominantly confident in their cyber-security when it comes to their personal devices and their smart household appliances and gadgets – even though their tech is actually not safely protected. People are practically living with a false sense of cyber-security, without taking the time and the interest to improve their knowledge on the subject.
Yet connectivity is on the rise. Smart home gadgets, remote-controlled devices, services and living/working environments will become more and more common – determining an increase of the cyber-risks issues an extended vulnerability.
Fighting cyber – risks with cyber-awareness
Digital technology started its worldwide expansion once it became user-friendly. It kept going in the same direction, shaping almost all complicated technologies into easy-to-use and beautifully shaped devices. The downside of this trend is that most of the times we do not grasp the complexity of the digital objects we use in our daily lives. Comprehending the bigger picture tech-wise, as well as the inherent dangers would be an activity that we should consciously insert in our tight schedules. Stop, get informed, contemplate, and protect your cyber-environment the best you can .
With October being National Cyber Security Awareness Month, DHS addressed for the fifth year in a row the campaign entitled “Stop.Think.Connect” to all concerned parties – from individuals to NGOs. The campaign online resources are available here – and it’s a good place to start getting informed.
As another publisher put it, with the Internet of Things straight ahead of us, it is high time to raise cyber-security awareness unless we want it to become the Internet of Threats.
Smart home and the weak entry points
The first and foremost vulnerability in a connected environment is an uninformed owner. Of course, setting up your network may be entrusted to a professional, but, nevertheless, each smart home owner should know at least the most important points to check when maintaining his environment at the optimal cyber-security level.
Webcams are vulnerable to hacking – and in 2014 this was undeniably demonstrated when a website streamed live international footage from over 250 countries.
Smart TVs are susceptible of hacking, and the attackers may leak personal videos or use them for identity theft.
Any system of e-payment associated to a smart home may theoretically be under cyber-attack, turning a virtual smart order-and-deliver system into a bureaucratic nightmare where one has to prove it was not his intent to make the spoofed-identity purchases.
We have also seen in 2015 that smart cars are vulnerable to remote attacks that may take over the steering system.
To summarize, basically any connected piece of technology raises the risk of being hacked. However, it depends on people to reduce the chances for less sophisticated attacks and to keep at bay the more sophisticated ones.
We are less vulnerable once we build healthy habits that allow us an optimum degree of control over our connected environment. When the core of a system is secured and allows maintenance and control, security-wise, adding new devices should not present new security risks – that’s when the system is soundly built in the first place.
Who accounts for smart home’s vulnerabilities?
The producers of home automation devices do not seem to put cyber security among their priorities. A risk assessment conducted on the industrial supply chains by the strategic consulting firm Booz Allen Hamilton revealed that there are lacks in sourcing and tracking cyber sensitive components, accountability gaps between the suppliers of integrated processes and the manufacturers (in what cyber-security is concerned), as well as limited controls over the sensitive data and transactions inherent to the supply chain. This makes it possible for malicious functionality to exist right from the start. Establishing international universal standards and supplier certification would be a step forward to increase confidence and lower the risks of providing items with zero-day vulnerabilities or security flaws.
Internet providers account for network security and it depends on them to make sure no open ports and vulnerable points are left available for intruders. There are protocols that serve reducing the risks and protect the home and business automation systems against attacks.
Cyber-security itself is constantly trying to improve – we have presented in another article the Software Defined Perimeter. Acting as a virtual firewall, SDP camouflages an entire system. The professionals in this field may offer services of assessment, protection and maintenance for the connected homes.
Individuals that care about their safety and the safety of those interconnected are the main factors in taking action against cyber-intruders. As network users, office owners or parents, those who use connected living/working spaces should be well aware of the dangers and mitigate the risks.
Continuous protection against smart home invaders
Although it may sound tedious, continuous protection is not necessarily something to do every day. It represents setting up a set of rules – following a minimal documentation on the subject.
First, one must start from the idea that any private information on himself might present interest for a possible cyber-attacker. It might seem far-fetched – but it is not.
Reading this article and other online available information may represent exactly the kind of information to build upon.
Asking your network provider for your security enhancement options, or requesting the device provider/manufacturer to inform you of the key features to set up or check would be a further step.
There are also specialized services provided by cyber-security companies.
On this background, we should develop daily habits that protect our connected lives: have personalized passwords (many survey subjects admitted keeping the factory passwords for their devices), discretion concerning the way we manage connected system sensitive data. Synchronization increases the pressure of sealing off any end points – it suffices a vulnerable entry point and all connected devices are available to an attacker.
All system users should follow a previously established minimal set of rules when it comes to keep a connected home or office protected.
