Sign up for our newsletter
Technology / Cybersecurity

Plug and play, dispose & educate: How to secure the smart home against cyberattacks

The smart home segment has exploded; however, crucial questions around devices’ security could potentially lose the promised opportunity of a $72 billion industry by 2017.

Last week the consumer space was flooded with hundreds of new smart inventions brought to CES by all sorts of companies. At the same time, giant Google saw its smart home Nest product being attack by a software bug that was shutting down thermostats at users’ homes.

In addition, last week, researchers found a security flaw on Comcast’s XFINITY security technology that instead of protecting homes, could in fact help robbers to enter more easily.

This follows when, in 2015, the industry was told that smart home hubs could put families at risk of not only virtual attacks but also physical ones.

White papers from our partners

Speaking to CBR at the time, Jason du Preez, CEO of Privitar said that people need to be aware that any information shared, implicitly or explicitly could fall into the wrong hands.

He said: "We should think carefully about which services we use, who we share with and how we express our preferences. We need to think carefully about transacting with organisations that cannot prove they have the right governance, controls and systems in place.

"If users are to have any confidence that their private information will remain private, companies need to think very seriously about how they protect and anonymise user’s data."

All in all, the IoT comes down to build a trusting relationship between man and machine, and that trust is mostly built on security and privacy.

Yet, a shocking report from December revealed that 85% of IoT network devices use copied code, putting in jeopardy the future of the movement itself as it leaves devices vulnerable to attacks.

In the wake of a recent study that has found that as many as 56% of Brits are interested in the ability to manage or automate parts of the home remotely via a smart device, CBR spoke with Adam Simon, Global MD Retail at CONTEXT.

Following a 30% growth in the number of connected homes, security conversations around how to secure the devices and the services around these devices is a hot and unquestionable topic at the moment.

Simon said that one of the main aspects manufacturers need to consider is the secure disposal of devices once the end of their lifetime is reached. However, how do you dispose of a kettle that contains an IP and potentially could help intruders enter a house?

He said: "For example, Dixons said that their knowhow division will securely wipe all data from devices given back to them. There is this kind of nightmare scenario of people dumping their kettle in a skip, and that kettle has all the IP addresses and passwords in there for someone to get into your home.

"I would take it to my local Dixons, to the knowhow department and ask them to wipe that out for me. At the end of the day, I am sitting at home with legacy devices because I am afraid of what is going to happen. It is a problem. As everyone talks about the explosion of IoT, then we have to think how we dispose of these things securely."

In the UK, the British firm has found that the top three security fears with smart home technology is identity theft (63%), fraud (57%), and misuse of devices (55%). Three areas intrinsically linked to the safe disposable of devices.

"On one hand it is a break on people buying because of security issues. 60% of people [in Europe] do not know enough about smart home products, they need to be educated. It is a journey that goes through education, and then purchase, and people are trying to jump straight into purchase, without knowing. If you go to a typical retail store there is no one explaining to you how something works."

Another neglected piece of security is the ‘plug and play’ functions manufacturers are seeking to deploy on devices. "The plug and play is a big dream to have. Nevertheless, if you put your security on the line, that might be an issue. It should be harder [to get devices up].

"If a product comes to your home and really is ‘plug and play‘, it means you probably have not secured it. We would like it to be a bit more difficult in the setting up of the product, and that is because from the beginning that product has been designed to be secure."

While companies do not address these issues, the smart home market in Europe fails to gain traction from consumers.

As a result, 80% of Europeans have no intention of buying smart home products in 2016 while 57% agree that they would like to learn more about the smart home, according to CONTEXT’s survey of over 2,500 people in the UK, Spain Italy, France and Germany.

Click next to read about the Smart home cybersecurity manifesto.
This article is from the CBROnline archive: some formatting and images may not be present.