from Dirty devices drag down smart home security
by IoT Now Magazine
Smart homes are composed of a growing array of devices that connect to home owners and their makers to share data and perform functions from HVAC control and access control to pet monitoring and many more. Different apps have different levels of security sensitivity and also offer different value to users and therefore are sold at different price points. George Malim assesses how this complex and fragmented smart home environment can be best secured while also delivering maximised benefits.
The Avast 2019 Smart Home Security Report, which used insights from more than 16 million smart home networks across the globe, has found that: 40.8% of digital households worldwide have at least one vulnerable device, putting the whole home network at risk; 59.7% of household routers worldwide are vulnerable; and that, apart from routers and network devices, media boxes, security cameras and printers are the most vulnerable household devices. Smart home security is therefore already a massive issue and one that is only going to exacerbate as greater smart device adoption occurs.
This reality is largely unrecognised by home owners, who have embraced the technologies and glossed over the risks. An online survey of more than 10,000 respondents conducted by Palo Alto Networks and YouGov uncovered mixed views on the perceived security of Internet of Things (IoT) technologies, such as smart home devices and wearables: 38% of EMEA respondents believe them to be secure, with a similar number (43%) thinking the opposite.
So, are smart home devices creating security weaknesses for criminals to exploit?
“In short, yes,” says Keiron Shepherd, a senior security systems engineer at F5 Networks. “Any devices connected to your home network or with internet access can be a stepping stone to more interesting targets, for example banking applications or social media accounts. To illustrate, let’s say your smart coffee machine ships with a default admin password and is connected to your Wi-Fi,” adds Shepherd. “An attacker could carry out a simple scan using tools such as Aircrack-ng. This is a passive scan that can be used without having to be connected to your Wi-Fi network. After that, it is easy to work out what IoT equipment make or model you have on your network.”
Jonathan Knudsen, a senior security strategist at Synopsys, agrees: “Any device you add to your home network comes with its own security vulnerabilities,” he says. “In the best possible scenario, the device vendor has considered security at every stage of their product development, and the result is a product that is reasonably secure.”
However, reasonably secure devices won’t necessarily be enough as complex interactions between devices of varying security capabilities become more popular. “With this increase in connectivity comes increased risk owing to the complexity and diversity of devices and associated vulnerabilities, which criminals can exploit,” says Richard Holmes, the head of cybersecurity services at IT and consulting firm CGI UK. “The issue we are faced with in particular is that many of the consumer IoT devices run on old legacy software which, in some cases, […]
The post Dirty devices drag down smart home security appeared first on IoT Now – How to run an IoT enabled business.