Smart homes can be dumb when it comes to security

SkyTek Series: Regulating U.S. Drone Risk [Regulatory News]
July 27, 2015
Lending and fintech
Lloyd, Can You Spare a Dime?
August 6, 2015

Smart homes can be dumb when it comes to security

connected smart home house

With home automation systems becoming ever smarter and more connected and with an increasing number of homes coming “online”, one could posit that our day-to-day life is becoming more convenient and more efficient. Of course, once could also point out that our everyday routines are becoming ever more accessible to others.

The risks associated with porous smart systems represent a communications challenge that if left unchecked could cause reputational damage if the right content isn’t in place for use both proactively and in times of an actual crisis. Indeed, the risks, and/or data use of smart systems, require not just different products and capabilities to manage them and keep them in check, but different approaches to communicating about those products and capabilities.

The benefits of automating one’s home are clear (and cool), but it’s important people become aware of what they might be giving up in return. And, make no mistake; what is being given up is data.

People know their data is valuable, but what they might not always consider is that it can be valuable to different entities for wildly different reasons, ranging from the slightly unnerving, to the creepy, to the downright dangerous.

Take, for example, a home automation platform that knows which specific household member is home at any given time. The platform can conveniently and often seamlessly adjust the home’s temperature and lighting to that person’s preferences. Meanwhile, the platform supplier has valuable data that could be used (or sold to firms who could use it) for knowing the best time to display certain individualized ads on the home’s connected smart TV.

That’s not farfetched, in fact, it’s already been done. Over a decade ago telecom companies were exposed for selling home internet usage data (indicating when people were at home) to telemarketing companies so they could call when people were around to pick up the phone (always at dinner!). Imagine how much easier and more highly targeted a fully connected home could make it for companies trying to sell you things.

Already this year there has been some media coverage of companies admitting their smart TVs would record your living room chatter and might pass those in-home conversations on to third parties.

Corporate surveillance for advertising purposes isn’t the only fear people have when their home data is being transmitted. Another very legitimate concern is crime, both of the cyber and burglar variety.

Indeed, each smart device a person adds to their home can be thought of as the equivalent to adding another door or window. Without the proper embedded security within the device, the lock might be nonexistent.

Connecting things to the internet is easy, securing that connection can be hard, and that’s where many “smart devices” are still relatively dumb.

Symantec recently surveyed several home automated systems like smart thermostats, locks, light bulbs, smoke detectors, energy management devices, and hubs, noting that the results were “sobering.”

Security on most devices tested was found to be severely lacking or even sometimes nonexistent. Case in point, Symantec found that one in five devices did not encrypt communications and many did not lock out attackers after multiple password attempts.

It’s not even just hardened cyber criminals people need to be wary of. A recent Reddit thread had a user boasting about how he got revenge on a cheating ex by taking control of her home thermostat, jacking up temperatures while his ex and her current lover were away and lowering it again once they returned home, to hike up their electricity bill. Now imagine the same jealous lover could gain control of the home’s smart locks or dropcams. Scary stuff.

Even more terrifying is the tale of a couple in Cincinnati whose baby-monitoring camera was hacked and controlled by a virtual intruder.

The couple woke in the middle of the night to sounds of a male voice screaming from inside their baby daughter’s bedroom. Rushing in, they found the camera pointed straight at them and the “intruder” screaming “wake up baby” and a host of obscenities – this, from a device primarily created to put parents at ease.

FTI believes these challenges – and individual company responses to them – represent a significant opportunity for firms in the space to improve their reputations for innovation.

An excellent safety record is only as good as public perception, and even the occasional mishap shakes the very foundation of that faith.

Experts say the biggest security issues with smart devices usually occur with DIY home automation; people installing a camera or lock and then forgetting about it. Even if a manufacturer sends emails warning about issues, or recommending software patches, people can forget to take heed or apply them. If they had a similarly huge hole in their fence or no locks on their doors, they would certainly fix it, but because they can’t physically see the security breach, many ignore it until it’s too late.

Even the U.S. government has started to show some concern, getting the FTC to declare better oversight of the industry through the introduction of a new Bureau of Consumer Protection division – the Office of Technology Research and Investigation – which will be tasked to oversee everything smart device related, from Apple Pay to Nest.

Whether the government will be able to keep pace with the rate at which smart devices are launched and updated, however, is highly doubtful.

FTI believes that for any company to benefit from legitimate stakeholder confidence in smart-home technology, the enterprise must invest not only in the technology itself, but also in judicious use of digital content and communications to help manage perception across political, legal and media fronts.

Hacking, spying and vengeful exes aside, another thing to take into account in an increasingly automated home is the crippling effect of internet outages (in addition to the regular power outages many homes often suffer). This could prove a boon for telecom companies who sell “backup data” packages to families lest their home network fails.

All in all, like most things, it’s important that people have an awareness of their privacy, security and where their data is going. Optimally, smart home security should be solved at the device and system levels with companies designing devices and cloud architectures with security in mind from the get-go, rather than as an afterthought. It should, to be blunt, be seen as a core function of the business.

Standards-setting is a proven risk‐mitigation response to unregulated, emergent technological ecosystems and FTO believes smart-home related businesses have a significant opportunity to address both safety and privacy concerns by exploring – individually as well as collectively – standards-based initiatives.

In addition, a systematic array of branded, shareable and searchable information that pre-empts risks and perceptions could help companies inoculate themselves and improve their reliability profiles.

Until consumers feel safe however, the best way to avoid being hacked is probably to have a secure network and hire a custom integrator that is both knowledgeable and ethical. And to be aware. Always be aware. Your data is precious.

Sylvie Barak
As a former tech and hardware reporter, ex-military spokesperson and digital content specialist, Sylvie drives much of the sector’s most front-line work with reporters and key online audiences. An excellent writer and tactician, she also brings many of our campaigns to life.

Leave a Reply

Your email address will not be published. Required fields are marked *