Imagine a typical day made simpler: While thinking about dinner at work, you access your refrigerator to see what ingredients you have. Your oven then does a recipe search and sets the cooking time and temperature.
The garage door opens automatically as your car approaches the house, and closes itself behind you. When you walk inside, the temperature is already adjusted to your comfort level and your washing machine has perfectly timed your laundry cycleâs completion.
These technologies are quickly moving beyond imagination and becoming reality thanks to the Internet of Things (IoT). The connected home offers homeowners unprecedented convenience, but with devices able to remotely track when residents are out of the house, monitor household activity through embedded cameras, and provide keyless entrance, security and privacy are crucial.
âLooking at the rate at which new products come to the market and the connectivity outside the home, all of the sudden thereâs a lot of personal information being transmitted over the Internet,â says Hagai Feiner, founder and CEO of Access Networks and member of the Custom Electronic Design & Installation Association (CEDIA) board of directors.
And according to Feiner, this issue will only continue to grow.
âThe more intertwined those devices are into our lives, the more risk is present,â he explains. âItâs becoming a bigger issue as we have more and more devices that are looking at our patternsâand this is where technology is going. The more products we have that are learning and that transmit to the Internet, the more risk we have of those devices being hacked and information being held by rogue identities.â
Vulnerabilities Abound
The market has grown quickly, and device security needs to be part of the conversation. That need led HP Fortify on Demand to create the IoT Top 10, an educational effort designed to explore the main security problems for IoT devices and help prevent them, says Daniel Miessler, practice principal, Fortify on Demand, HP Fortify.
âWhen people were talking about security, it was one issue in isolation ⊠They werenât talking about it very holistically. There was nothing that really took a look at the various problems that could occur and how often they are happening.â
Fortify on Demand recently used their IoT Top 10 list as a benchmark for a study that tested 10 of the most popular consumer connected home devices. A startling 70 percent of the devices presented serious vulnerabilities, with an average of 25 vulnerabilities per device and âmajor issues across all 10 surface areas,â Miessler says.
Eighty percent of the devices tested raised privacy concerns. Most devices collect some form of personal information, which can include addresses, health information or credit card numbers. With data being transmitted (often unencrypted) over usersâ networks, and across mobile apps and cloud services, a data breach is far from an impossibility.
Additionally, 80 percent of devices failed to incorporate strong authentication measures, allowing weak passwords such as â1234â or using poor password recovery mechanisms. Sixty percent demonstrated an insecure web interface, and the same number did not implement protection for software files.
Guarding Against a Data Breach
With such realities in mind, CEDIAâs membership is taking an active role in monitoring these devices and their capabilities.
âIn years past, we would look at physical security; now, weâre looking at digital security,” says Feiner. “Who has access to what? What do these products do, and are these products safe? Who is going to control the remote access to the home? As we progress, the integratorâs work is going to continue and focus on the safety of the homeowner.”
For homeowners, Feiner and Miessler agree, the best defense is awareness. Itâs crucial that they understand their electronics and how to best configure them, Feiner says. âHomeowners need someone who understands integration and which products to go with to minimize the risk.â
To guard against allowing attackers access to sensitive information, homeowners should use strong authentication measures to secure their infrastructure and utilize the option to set up multiple networks.
âWhat is a little bit alarming about the Internet of Things is that youâre basically taking these vulnerabilities and combining them together into one product set, and then deploying that on your network,â Miessler adds. âWhen you get ready to deploy the devices, deploy them on the âdirtyâ networkâput them out there onto their own network ⊠where they arenât allowed to talk to your internal systems.â
A global survey on the IoT released by Fortinet in June indicates that homeowners are indeed thinking about security: 68 percent of U.S. respondents identified as âextremely concernedâ or âsomewhat concernedâ about possible data breaches. Fifty-seven percent said that data privacy is important to them and they have misgivings about the potential use of their data, and 67 percent said that they would feel âcompletely violated and angryâ should their data be surreptitiously collected and shared.
In spite of these concerns, the technology isnât likely to go away. The home automation market is expected to grow to $16.4 billion by 2019, with an estimated 26 billion connected units by 2020. Homeowners are willing to pay for it: Only 25 percent of U.S. respondents in Fortinetâs survey indicated that they would âdefinitely notâ be willing to pay extra for a wireless router optimized for smart devices.
As our lives increasingly move online, questions about security and privacy will continue, but it seems that for many homeowners, the benefits outweigh the risks.
