Is our Smart Home secure?
Last two month I read many articles about smart devices and their problems with security. In general, almost all smart devices don’t have any security features. At the same time, many manufacturers continue to push a message that their devices are designed for local area network that is secure and you should not have any problems if you don’t use a default password in your router. But it’s not fully true and in reality, there are lots of opportunities to hack your home. Let’s look at some problems.
It’s funny but in many cases, it’s too easy to shut down a power system in your house/flat. I can do it for my flat from the public corridor in 20 seconds. If you don’t have any additional power supplies, your smart home is not smart anymore. Of course, you can get a notification from the cloud but you still don’t know if something happens with your home. Even in Canada I had problems with electricity. In ideal case, all your critical devices should have an additional power supply, and your home should be secure even if you have a problem with electricity. Your system should call the police in the case of real threats rather than in the case of a problem with electricity. That’s why it’s better to select devices that use low-energy microcontrollers and protocols.
2). Attacking non-critical components
Even if you have power supplies for all critical components, there is still an opportunity to attack your home using non-critical parts. For example, you can use LEDs. Almost all LEDs can be reconnected to another hub if you turn on/off the power several times. So, you can install your own hub with a better antenna, play with power and hack LEDs at least. How can it help to hack your home? It’s easy, once you arrive home, a hacker can play with your LEDs. If you don’t have much knowledge on how to reconnect your LEDs, there is high probability that you will shut down your hub and call to a service, generating a window of possibilities for the hacker. The problem can be resolved by the hub itself. They should notify a user about potential risks and provide clear recommendations.
3). Poisoned air
If you use Bing search, you will be able to find some devices that you can assemble yourself based on Raspberry or Arduino in order to shut down a local network. Usually, these devices can generate much garbage, sending messages to your router/hub and there is an opportunity to shut down all smart devices. Of course, if you have a really smart hub, it can identify this type of attacks.
4). Multi-standard home
If you have a zoo of devices in your home, a hacker has much more opportunities to attack your home. Devices that can work without a hub and allow you to control them using your tablet or smartphone have the highest risk to be attacked. In this case, there is no device (hub) that can control the availability and any potential problems with a device. The problem can be resolved by companies that can install ready to use smart home. But if you decide to do it yourself, you have to make sure that you use compatible devices based on common standards rather than buying toys that can be managed from your smartphone.
Frankly speaking, I didn’t spent much time, thinking about potential problems. So, you can spend some time working with your smart devices and find additional problems. But it’s much more interesting to see answers and comments from people who design real devices. And here is a bunch of questions:
- Do you use any specific risk framework in order to investigate all potential security risks?
- If you work with security risks, do you emulate potential scenarios using all potential Smart Home subsystem or you just think that your LED is isolated and cannot harm anybody?
- Do you know any security recommendations/standards for Smart Home scenarios?
I don’t have answers for these questions but I am not going to produce 40 billion of smart devices in 4 years – probably, I’ll just hack them.