The convenience of smart home automation is alluring to consumers, but also inherently risky. Smart home automation creates an ecosystem of connected devices, giving users complete control over their surroundings.
But like anything connected to the internet, every smart device is an access point for unauthorized external actors. Personal data can be exposed, and home integrity can be compromised via these devices, which are proliferating.
At present, though, many smart home devices lack sufficient security measures. And even if protections are available, people are often unaware or skip these protocols to enjoy a more streamlined experience.
This article outlines the vulnerabilities of smart home automation and how both consumers and companies must take steps to mitigate these risks.
People must be conscious of the risks that smart devices introduce to the home. It’s ironic that, while smart home security systems are the most popular type of connected device, each smart lock is a potential attack surface.
The more devices that people integrate, the easier a smart home is to infiltrate. For example, bad actors could use an unguarded smart device to:
The security vulnerabilities of many home automation systems have already been discovered.
For example, a reporter at Forbes gained access to a smart home in Oregon without any hacking expertise. In this case, the smart security system lacked user authentication and also publicly posted links to the user’s home device online.
Experts say that both companies and consumers are responsible for these vulnerabilities.
“Manufacturers race to release these systems without having a good understanding of how they will be used in the wild,” said Denys Poshyvanyk, Professor of Computer Science at the College of William and Mary, in a 2018 AP article.
Companies must develop more robust security measures, and consumers must take the recommended steps to safeguard their home and personal data.
“There are so many devices in the home that affect your security, [and therefore] affect the integrity of your home … It is important to understand the attack surface of such devices and platforms in order to build practical defenses without sacrificing utility,” Poshyvanyk said.
To avoid these risks, people should ensure that any app or software they use relies on end-to-end encryption, or encryption that can only be unlocked by the recipient. Buying from companies with a strong security record also helps to mitigate risk.
All of that said, bringing a home into the online realm is a known risk with yet unrealized consequences. People should be proactive about how they secure their information, especially as its shared across multiple devices and networks.
What makes smart home automation seamless for users is also what makes it vulnerable.
Hackers gain access to smart devices by attacking one of two “routines” – or the interactions between a smart home device and the apps that connect to and control it.
The first routine allows the user to link a variety of devices through a third-party app interface such as Google Home. The configuration details for these interfaces are stored in the cloud and are accessible via the internet.
Often, the only protection for the user’s account is a four-digit PIN code that is easily cracked by cybercriminals. It also assumes that the user bothered to change the PIN code from the default “1234.”
The second routine uses a centralized data storehouse as a switchboard, allowing devices and their apps to communicate over the internet.
For example, when a smart home automation app communicates with a smart lock, the automation app uses an authorization token to access the smart lock.
Presently, authorization tokens are often easily accessed due to a lack of security layers such as end-to-end encryption. In such cases, hackers can open the physical front door to a house through the smart security locks with no special expertise, using only a program that permutates or changes the order of the entry code.
While consumers must be vigilant, developers of smart devices also need to ensure the integrity of these devices.
“We need a systemic effort in terms of properly designing these systems with security in mind,” Poshyvanyk said.
For smart homes to be secure, expectations need to shift on both sides.
Smart home devices are often vulnerable at present, both due to their design and how people use them.
The challenge is to develop more complex authentication protocols and security apps for smart devices while continuing to offer a streamlined experience that encourages adoption.
and get the latest updates