• Cybersecurity
  • IoT
  • Smart Home Technology

Smart Home Devices and Platforms Need a Major Security Overhaul

Neil Strother
Jan 02, 2019

Connectivity 10

It is time for a major overhaul of smart home security—time for a more robust approach to reducing the vulnerabilities found in today’s so-called smart devices and systems. Here is why: mounting evidence that current security methods are too weak.

First, a team of computer scientists at William & Mary has concluded that smart home products have significant vulnerabilities after testing some of the more popular versions. The scientists say platforms like Google’s Nest or Philips’ Hue have security flaws that could have serious consequences for the integrity of a user’s physical environment. They recommend vendors rethink the way their devices interact in the home.

A Problem in Data Storage

According to the William & Mary scientists, a problem arises with how these products and many other smart home platforms store data. The platforms rely on a centralized data store that acts like a switchboard among apps, enabling devices to communicate via the internet. The problem is this data store enables hackers to access all devices in the home. For instance, a hacker that is able to penetrate a third-party lighting app could modify a data store variable that a security alarm uses, thus compromising the alarm system. With disparate products from multiple vendors interacting in a home and creating flaws in the security, a result could be a systemic failure of many smart home systems.

Second, the near-term future for smart home security appears bleak. McAfee, an antivirus software maker, predicts that voice-controlled digital assistants, smartphones, and tablets will be among the main vectors of attack for cybercriminals in 2019. The company also says hackers will continue to target edge Internet of Things devices due to static password usage and limited security.

Third, the newly created Canadian Centre for Cyber Security has noted a shift among cybercriminals; they have changed some of their focus from targeting traditional computers to internet-connected home devices. In its 2018 threat assessment, the group identifies things like internet-connected home appliances, thermostats, televisions, and cars, which have become attractive targets.

A Swift Call to Action

It seems clear that the current devices and smart home platforms need a security upgrade. The good news is, attacks on smart home equipment so far have not resulted in any reported widespread harm, whether physical or financial. This does not mean damaging attacks won’t occur, however, and the need for better defenses is apparent. (For more on what Navigant Research has written on this topic, see these two reports: Managing IoT Cybersecurity Threats in the Energy Cloud Ecosystem, and Cybersecurity Will Define Market Leaders in the Intelligent Buildings Market.) This is not a rant about the current situation, but rather a call to swift action based on what is happening in the market. To their credit, the Williams & Mary team is said to be working with vendors like Google and Philips as well as app developers to harden their platforms. To that I can only say we need to see more of this kind of effort, so consumers can have a greater sense of confidence in their safety not being an afterthought.