Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Without proper security measures, smart homes are just begging to be targets

Grant Hatchimonji | March 18, 2014
As our world becomes increasingly connected via the Internet, it only seems logical that the interconnectivity would eventually permeate our homes. "Smart devices" like alarm systems, locks, thermostats, and more that can be controlled over the Internet are gradually gaining visibility and creating legions of "smart homes." For all the technological advancements, however, it would appear that our houses are simultaneously becoming more vulnerable.

Heffner said that with other targets like PCs becoming better protected, attackers are more likely to target newer devices that users haven't properly learned how to secure yet, thereby making them more attractive targets.

"I think an increase in attacks along with adoption rates is pretty inevitable and we're already seeing that," he said. "You're already seeing large exploits targeting things like home routers. Things like that are only going to increase as the number of targets increase and as attackers realize how critical these devices are."

Despite the potential for creating vulnerabilities in one's network by using smart devices in a home setting, both Heffner and Irvine believe that as long as users are responsible, they can be implemented in a safe and secure manner.

"I think there's a lot of work to be done, but it comes back to your threat model," said Heffner. "If your network is reasonably secure and you keep these devices on your network, they're relatively secure even if there's a vulnerability in them. So yes, there are certainly steps users can take to make sure any vulnerabilities are mitigated."

[Smart grid (in)securities]

Irvine also argued that the security of the devices, at least as the situation stands now, falls squarely on the shoulders of the users. Without proper care, people can — and do — fall prey to these kinds of attacks.

"There are secure ways to implement home automation systems, [but] I don't believe any of those are being done," said Irvine. "Rather than having your home automation systems on the same Wi-Fi as your PCs and smartphones, I would want a completely different segment that had no direct access to the rest of my internet. There are ways to do that."

So if it's up to the user to secure such an enticing attack vector, how can they go about doing that and avoid having their entire networks infiltrated?

"First and foremost is creating user IDs for each account," said Irvine. "Don't use the same email address or user ID for everything, or at least use different information for different categories. In other words, don't use your bank ID for your home automation, as well as Facebook." The same goes for passwords, he said, which should not only be different, but also complex (alphanumeric, upper and lower case letters, etc.).

Some of Irvine's other device was equally simple, like keeping both systems and anti-virus updated at all times. "When Microsoft says there's a patch, install it," he said. "These companies have found vulnerabilities in their systems, so they get updated."

Finally, for the especially cautious, he suggested taking a somewhat more complicated approach. "If you are connecting to any type of home automation system that allows remote access, do it across a VPN," said Irvine. "Make sure the vendor allows for a totally encrypted connection. That should keep you more secure than the average person."

 

Previous Page  1  2  3  4  Next Page 

Sign up for MIS Asia eNewsletters.