Security Flaws of Smart Home Technologies

407
Image of three lightbulbs with a code block behind them that says
Illustration: © IoT For All

Everyone gets excited by the novelty of the latest mobile app-controlled light bulb or door lock, yet while innovations in consumer technologies drive magical “the future is now” moments, they also introduce new vulnerabilities to systems that previously did not exist. Similar to the lawless days of the early internet, where password phishing schemes and virus-infected file downloads ran rampant, smart home technologies are still relatively young and poorly understood by a vast majority of users.

Types of Security Exploits

Physical Security

In an era of biometric fingerprint or facial recognition passcodes to mobile devices like phones and tablets, physical security is an oft-forgotten consideration. For example, traditional cars come with several opening mechanisms – a radio-wave based remote that works at short distances, a physical key that triggers a mechanical mechanism from the outside, and a physical switch or toggle that triggers the same mechanism from the inside. To break in, each of these opening mechanisms can be “hacked” or exploited. If you add internet connectivity to the system, the realm of possible hacks and exploits grows exponentially.

This is especially true of smart lock systems, which introduce two new “mechanisms” to the traditional lock paradigm. Connectivity and electricity. If the network that powers a given smart lock product (usually Zigbee or Z-Wave) is compromised, or if the device itself is hacked, then a home is no longer secure. Similarly, because smart locks rely on electronic triggers to activate mechanical mechanisms, the circuit design becomes a new point of failure.

Digital Security

There is a fine line drawn between connected consumer products like coffee makers or thermostats, and fire/health hazards. The primary difference is how an input like electricity or gas is controlled to generate an outcome, like cooking food or warming a building. Yet, while security vulnerabilities in smart home devices are well documented, they extend beyond having a mischievous third party gain control of your appliances. They may also grant access to private information or data via connected security cam feeds, and even your local network, through unsecured WiFi credentials.

Although smart home technologies may offer some quality of life improvements, patching security flaws, both physical, and digital, are still works in progress. There are also solutions available, like Trend Micro’s Home Network Security device, which acts as a network management tool and IoT firewall for devices connected to your network. This directly addresses the primary (potential) point of failure at its source – the internet.

At the end of the day, the average user of smart home technologies is not likely to be hacked, however, it is still worth understanding the flaws in a system, and proactively addressing them before they become issues. Whether you buy into them or not, smart home technologies are here to stay, and with it, the importance of understanding how they work and how they might fail.

Eric Zhang
Eric is a systems engineer at Leverege who enjoys experimenting with all sorts of development hardware for fun projects. As a former teaching assistant, workshop coordinator, and Microsoft Student Partner, he is constantly searching for better ways to deliver educational tech content to the masses.