Smart devices have shown that they are vulnerable to security flaws in the past, so how do we secure ourselves as we move towards smart homes?
Across the world Smart homes are on the rise, with the IoT creating new technological solutions to our everyday problems. As companies like Google and Amazon roll out their smart speakers, collating our devices and apps into easily manageable hubs, smart homes will surely only increase in popularity.
According to ABI Research, by 2020 there will be 40.9 billion active wireless connected devices and this will largely be non-hub devices like sensors. IDC forecasts that by 2020 the worldwide market for IoT will surpass $3 trillion. The growth of these systems in the recent and coming years is astronomical but with all of our personal data uploaded into nebulous ‘cloud’ systems how safe are we and how safe are our homes?
In today’s world, it’s already fairly implicit that someone somewhere is taking our data and using it for scrupulous means. As we transition ever closer to the always online digital future, the danger of our data being exploited will only increase if security concerns go unaddressed.
In 2015, Tripwire’s Vulnerability and Exposure Research Team (VERT) discovered that it was possible to gain access to smart hubs and make the changes they saw fit, such as re-configuring alarm systems, opening locks, and using hardware on the network for Distributed Denial of Service (DDoS) attacks. Similarly in 2016 it was discovered that Google and Samsung, among others, had serious flaws in receiving data transmitted from smart homes leaving it vulnerable.
Direct attacks on our data are one the most immediate digital threats posed today, but when these systems are part of our very homes they take on a far more sinister role.
Avast CTO, Ondrej Vlcek said: “It’s putting a lot of pressure on us. If we can protect at the router level then we are able to protect all the devices on the network because it’s a connectivity hub.”
“In a way that’s the area of focus for us because then we don’t have to worry about the specifics of the devices that are attached to the network, of course the challenge is how to provide meaningful protection on the router level without infecting the other parts of the network.”
The data available to potential hackers is incredibly more personal. Knowing that a smart meter can manage your boiler and how much heating you use means that hackers could even use this data to discern when you take your bath.
Again, this information is not very valuable on it’s own, but it quickly becomes a frightening situation when thinking of the wider implications. It’s quite possible that an unauthorised party could use this data to ascertain your every activity in your own home, and more importantly when you are not at home.
An emerging trend in the hacking world is the use of large scale botnets. Botnets are systems in which huge numbers of internet connected devices become part of a network in order to use their shared power to send torrents of spam emails or to instigate DDoS attacks to overwhelm websites and shut them down.
Perhaps the most infamous Botnet is the Mirai Malware of 2016. Mirai managed to utilise systems running Linux to initiate the 2016 Dyn cyberattack which caused the internet to become unavailable for large swathes of Europe and North America. One of the things that made this botnet so dangerous was how it utilised devices which in the past were traditionally non-digital, such as remote cameras and sensors around the house.
When asked about who should secure these systems Vlcek said: “Is it the consumer? I’m not sure because what’s in it for them? I think this needs to be the responsibility of the industry that surrounds the IoT space, the hardware manufacturers, maybe in cooperation with guys like us.”
“The sad reality though is that these manufacturers are under super heavy pressure on margins and additional investments in better software and security are going against their interests of cutting costs. It’s a pretty difficult problem overall throughout the whole industry that we somehow have to solve.”
Machine learning could prove vital in the fight against these problems. Companies like Avast harvest user data through platforms such as AVG and Avast, which have roughly 400 million users worldwide combined, and input them into systems that can process the best ways to tackle problems and reduce remediation time.
By having access to these huge sample sizes, companies are able to help better protect users through security software. However, a large number of IoT devices found in smart homes simply lack the storage and processing capacity to run the programs necessary to ward against these digital incursions.
Machine learning can alleviate the requirement for these systems by observing the data patterns from a central hub and create new behaviours designed to protect the devices. Though this is only partial security and offers limited protection, there are plenty of other methods that can be used to infect a home network.
Vlcek added: “Machine learning really is a big part of what we are doing, we use the data to teach the machine network. It’s really a shift that happened in the entire industry and something most security companies today use.”
“It allow us to make decisions faster and more reliably because of the vast user base that we have.”
A study by Broadband Genie found that the general public is still largely opposed to smart technology and almost two thirds voiced concern regarding it’s retention of their personal data. The same study also showed that much of the public is vastly uninformed on the topic of smart technology and it could be that the lack of knowledge regarding data usage is a part of the hesitancy.
Perception problems like this need to be rectified and the systems explained properly as we move further into smart home technology. Machine learning and AI can be scary concepts but if it can be clearly demonstrated how they protect us by using our data for us, rather than against us, then it stands a better chance in the eyes of the public.