
SMART HOME FEATURE NEWS

The Too Smart Home and Uninvited Guests

By Special Guest
David Ginsburg, VP, Worldwide Marketing, Cavirin Systems
September 27, 2018

We’re at a tipping point in inviting the next wave of technology into our homes, with capabilities and potential risks an order of magnitude greater than the PC, smart TV (more on that in a moment), or even a Roomba. Spreading from the early adopters, everything can be fair game, including smart lights, thermostats, doorbells, and practically any device within the home that can be connected to the Internet and automated.

This, combined with the quicker than expected adoption of intelligent assistants – Amazon’s Alexa, Google’s Assistant/Home, Apple’s Siri/HomeKit, and Microsoft’s Cortana – makes the smart home a mass-market reality for the first time. And another barrier to adoption, interoperability, is now being addressed. Consider the Nest Protect, interoperable with Google, Alexa, IFTTT for the more technical amongst us, and a variety of mainline security products. But as the adage goes, with great power comes great responsibility, both as it relates to security and to privacy.

Mutts with Fleas
In the rush to automate, the smart home market has been a bit of a land grab, with the better-known vendors competing against a plethora of no-name imports. The scary thing here is that the more technically literate are more likely to purchase premium devices, at premium prices, while others make their decision on price-only, bringing into their living room or kid’s bedroom a product with an unknown security pedigree. A mutt, with fleas.

But at least mutts from the animal shelter have their shots! There have already been multiple examples of cameras and other devices hacked to either display their feeds on the Internet, or repurposed for botnets. As more devices are cloud-connected, the potential for compromise only increases, and we’ll see more examples of risks such as those identified with Dongguan Diqee 360 vacuum cleaners, a low-cost knockoff of the Roomba. No one is immune, and even well-known brands have their issues. Consider Smart TVs from the likes of Samsung and Vizio, a subset of the vendors under investigation for relaying user viewing data to third parties for gain. I can easily draw the analogy to a certain social network or free email service recently accused of the same.

The Family (Cloud) Sysadmin
In parallel, the role of the family sysadmin is evolving from OS and internet management to understanding and managing cloud services. Intelligent thermostats, security cameras (how many brands do you have installed?), door locks, and even UPSs all require knowledge of connectivity, how the data is stored and secured, whether a path is configured through the home firewall for remote access, and the vendor’s privacy policies. Imagine tracking this across 5-10 separate cloud services!

Back to the intelligent assistants. At least Amazon, Google, and Apple are doing their part to lock down their software and applications, with Amazon in particular having learned its lesson from Alexa. However, as with any software platform, the chances are great that another vulnerability will be found at some point in the future. One option is for the major vendors and their ecosystems to create more stringent certifications for interoperability, much like that which exists on the iOS App Store, with consumers using this as an indicator of a secured device. And the same vendors will need to establish a protocol whereby older devices are patched (not requiring a degree in IT), or recalled if an un-patchable flaw is found. Once again, this is a much more likely scenario for the major ecosystems vs the no-names.

Potential for Abuse
What happens when devices within the smart home become tools for abuse, not due to hackers or neglect, but out of malicious intent? The NY Times recently addressed the potential for domestic abuse, and many times the most vulnerable don’t have the required control over devices that may have been configured by their abusers. This leads to a difficult situation, as the NY Times pointed out: on one hand a simpler reset is desirable, while on the other it also leads to easier access by hackers. The same ecosystem approach I mentioned earlier could be a path forward, with cloud-based control, but this implies interoperability or vendor lock-in.

A New Privacy Charter
In parallel with the vendors, privacy laws need more teeth, and California’s new consumer privacy act, a less stringent version of the EU’s GDPR, is a step in the right direction. But it only addresses the data, and only that collected from California residents. A parallel act relating to the physical devices is a requirement, where vendors and their hardware with known security faults can be barred. This isn’t that wild a suggestion. Remember the hoverboards and their batteries from a few years back, and how they were banned? A malfunctioning or malicious home automation device has just as much a chance of producing physical harm.

Sure, the recommendations above won’t occur overnight, and in some cases could take a decade or more to reach total clarity, but it is never too soon to begin. And, never too soon to begin the education process, much like kids are warned about the dangers of social networks.

About the Author: David Ginsburg brings to Cavirin over 25 years of experience spanning corporate and product marketing, product management, digital marketing, and marketing automation. Previous roles included CMO at Teridion, Pluribus, Extreme, and Riverstone Networks as well as senior marketing leadership positions at Nortel and Cisco. His expertise spans networking, cloud deployments, and SaaS.




Edited by Ken Briodagh

