A typical smart home system includes a few devices from different manufacturers that communicate wirelessly with your smartphone and/or with each other.
While enthusiasts find it very appealing and handy, technical experts say there’s also cause for concern about potential security and privacy threats. What if the data transferred between home automation devices can be intercepted or, worse, manipulated? Should customers worry about it, or is it a headache for device manufacturers to fret over?
Let’s take a look into the details of security and privacy in modern smart home systems.
It’s all about data
Each and every home automation device has its own set of functions, but in the end, the purpose and use of these devices can be distilled into one common function: they all collect, process and transfer data. The number of devices used grows every year, and the amount of data transferred each second is staggering. Keeping life private increasingly means keeping this copious amount of transmitted data private.
One device can reveal huge amounts of critical info about its user
While a door lock may only tell if it’s open or locked, a smart home hub, a phone, or a laptop with a web page open can reveal how often a user opens the door, when they leave it open, and sometimes what data needs to be sent in order to open it. The same goes for every smart home device: motion sensors, smart bulbs, thermostats, etc. each have parsable data which can tell a story about customers’ behavioral patterns.
And while such data can be encrypted and protected, the devices storing it can easily be accessed by third parties.
When a customer opens a mobile app to check their smart home when they are away from home, where is this information stored? For better connectivity and reliability, home automation manufacturers and providers often copy this data from home hubs and devices to cloud servers.
While this data is kept encrypted, many customers may not know about this fact or about the potential privacy and security threats related to cloud storage. With an increasing number of cyber attacks, one can never know when their data can be stolen (i.e. copied) and used.
The lack of information on data protection algorithms on home automation manufacturers’ sites makes customers even more suspicious and confused when choosing solutions to make their homes smart. Some of them eventually decide to postpone the purchase, while others dive deep into the technical peculiarities and set up a customized system that will store all the necessary information locally, for instance, on a NAS, which in turn will allow them to protect all the data manually.
No process control
The idea behind any smart home is pretty simple. A motion sensor tracks movement and reports it to a hub. A thermostat changes the temperature according to a preset rule or your command. But a customer usually doesn’t know what kind of communication and encryption technologies are used for these processes, and thus doesn’t control them. Are they secure enough, and will they remain so in the future?
For instance, simple passwords and security answers make it easier to circumvent authentication mechanisms. Installing smart home devices in places easily accessible to anyone (e.g., a cam outside of your garage, a wired doorbell, etc.) can create security breaches. Finally, users themselves can be subject to manipulation and fraud and unintentionally reveal sensitive information to culprits.
Market competition forces smart home manufacturers to release products quickly and update them promptly if necessary. As a result, the software used in their devices may not be properly tested or updated for all the latest and known threats. Often, breaches are found in the APIs, in-house gateways, and mobile apps. The level of security risk of any given solution therefore remains unknown to users.
Takeaways for smart home market players
For the reasons explained above, many customers remain skeptical about using smart home solutions. Still, manufacturers can address and allay consumer fears by paying additional attention to both privacy and security when improving products and when marketing them:
1. User interfaces and marketing copy can contain additional information on the security and privacy of the architecture, the protection mechanisms applied, and the design decisions made.
2. The business logic of the software can help users avoid (or can even prohibit) using simple passwords, leaving web/mobile interfaces open for a long time, and generally performing non-secure actions.
3. Security-driven development of the firmware and software necessary for securing the back-end of smart home devices will help ensure better overall security of home automation solutions.
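One way the business logic in item 2 could look, as an added example that is not taken from any vendor's code. The deny-list, the 12-character minimum, the 15-minute idle limit and all function and class names are assumptions.

```python
import time

# Constructed sample of common passwords; a real deployment would load a
# much larger deny-list. All names and thresholds here are assumptions.
COMMON_PASSWORDS = {"password", "12345678", "qwerty123", "admin1234", "letmein123"}
MIN_LENGTH = 12
IDLE_TIMEOUT_S = 15 * 60  # close an unattended web/mobile session after 15 minutes


def password_problems(password, username, device_default=None):
    """Return the reasons a password is rejected (empty list = accepted)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if username and username.lower() in lowered:
        problems.append("contains the account name")
    if device_default is not None and password == device_default:
        problems.append("is the factory default")
    if len(set(password)) < 5:
        problems.append("too few distinct characters")
    return problems


class Session:
    """Hub UI session that expires after a period of inactivity."""

    def __init__(self, user, now=None):
        self.user = user
        self.last_seen = time.monotonic() if now is None else now

    def is_active(self, now=None):
        now = time.monotonic() if now is None else now
        return (now - self.last_seen) < IDLE_TIMEOUT_S

    def touch(self, now=None):
        """Record user activity; refuse to revive an already expired session."""
        now = time.monotonic() if now is None else now
        if not self.is_active(now):
            return False  # caller must force a fresh login
        self.last_seen = now
        return True
```

Returning the list of reasons lets the setup screen tell the user exactly why a password was refused instead of silently rejecting it.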
In the end, it’s the manufacturers who can and should provide the highest quality security in their products and ensure that their users’ privacy remains guarded and protected.
This is the approach we promote and follow when offering solutions for our smart home business partners. But since most other businesses are focused on the speed and quantity rather than the quality of their products, customers are forced to take additional security measures on their own: dive into the tech specs of the devices available on the market to pick the most protected ones, set stronger passwords, create separate Wi-Fi networks for smart home systems, and so on. The industry must wean itself away from such a lackadaisical policy and commit to ensuring that its users’ information and data are always secure, with no, or at most minimal, intervention by users.