The challenge of securing smart homes

This entry was posted on Tuesday, October 3rd, 2017.

Understanding smart homes

Although there is little consensus regarding a specific definition, the “Internet of Things” generally refers to the multiple networks of devices (“things”) that communicate with each other via wired and wireless network protocols – without direct human interaction. IoT-enabled devices help facilitate the rapid and efficient transfer of data used to support a wide range of activities and operations. The IoT encompasses a multitude of complementary network of things in various service sectors, such as efficient energy production and distribution, M2M and other industrial and manufacturing controls, smart city water and transport management, smart homes, and health care.

Like the IoT, the term smart home has been widely, yet inconsistently used. However, in an effort to standardize the meaning of the term, Coldwell Banker Real Estate and CNET have defined a smart home as “a [residence] that is equipped with network-connected products (aka ‘smart products’) connected via Wi-Fi, Bluetooth or similar protocols for controlling, automating, and optimizing functions such as temperature, lighting, security, safety or entertainment, either remotely by a phone, tablet, computer or a separate system within the home itself.”

The U.S. smart home market

U.S. smart home penetration was reported at 32.5 % in 2017, and is expected to hit 60.7 % in 2021. Some of the most popular smart home products include connected cameras (40%) and video doorbells (26%). Family safety (63%) and convenience (54%) are currently the top motivators for adopting smart home technology, which allows residents to more precisely manage cooling, heating, electricity, gas, water, and other resources. Pet owners also benefit from smart home technology, as cameras can be used to monitor dogs and cats, while feeding tools are automated to ensure precise portion control. As an example, the success of Amazon’s Echo smart speaker and Nest’s intelligent products such as thermostats and smoke detectors illustrate the growing popularity of smart home devices that are designed to anticipate consumer needs.

Smart home security challenges

An estimated 80% of IoT devices are vulnerable to a wide range of attacks. Clearly, connecting traditionally ‘stand-alone’ smart devices such as lights, appliances and locks introduces numerous cyber security risks. For example, a connected home door lock is designed to collect and transfer data to the cloud about the entry and exit habits of family members. This can be exploited if the smart door lock device is compromised by cyber criminals.

Similarly, a smart thermostat that collects usage data for real-time energy optimization must be designed to protect information from unauthorized access that could indicate a home is empty – making it an ideal target for burglars. Even connected baby monitors are vulnerable to digital intruders, as a number of horrified parents belatedly discovered when hackers spoke to their young children via compromised devices.

There is clearly no shortage of threats targeting IoT devices. Indeed, vulnerable devices can be hijacked and even physically disabled, while unencrypted or unverified data transmissions can be intercepted, leaked or spoofed. A leak or deliberate falsification of sensitive customer data will inevitably damage a brand and decrease consumer confidence in smart home devices. Despite the real-world risks, service providers and OEMs are understandably concerned that implementation of a comprehensive IoT security solution could potentially incur additional costs and delay time to market. As such, the most effective IoT security solution is one that does not negatively impact profitability or time to market. Put simply, a practical, simple and secure solution that can be easily and widely adopted by service providers is far more effective than a ‘super solution’ with only limited adoption.

Rambus IoT Device Management

The Rambus IoT Device Management is a turnkey security service for smart home service providers and OEMs. Our one-stop shop solution provides seamless device-to-cloud secure connectivity, protects service high-availability and helps mitigate a variety of attacks, including distributed denial of service (DDoS). Rambus CryptoManager IoT Device Management uses pre-provisioned unique device keys to automatically identify and authenticate a device. The device is then securely provisioned by IoT Device Management over the air, creating a secure communication channel between the device and the service. Our one-stop-shop solution also offers device lifecycle management and advanced device monitoring capabilities.

The CryptoManager IoT Device Management solution comprises multiple software modules that are pre-integrated with the device and the selected cloud Platform as a Service (PaaS) via their relevant SDKs. When a device is powered up and connected to the internet, it automatically connects to the IoT Device Management service, seamlessly authenticates and provisions relevant security credentials.

In conclusion, the widespread use of connected smart home devices has created an attractive target for cyber criminals and other unscrupulous operators. Smart home security should therefore be viewed as a primary design goal, rather than a tertiary afterthought. To be sure, consumers increasingly expect their devices to be protected out of the box, with seamless over-the air-updates (OTA) implemented securely. However, OEMs need to be assured that securing smart home devices is not an insurmountable goal that negatively impacts profitability or time to market. As such, smart home devices should be protected by a turnkey security solution that can be easily implemented, maintained and upgraded to meet the evolving challenges of a dynamic threat landscape.

Interested in learning more about securing smart homes? You can download our white paper below on the subject.

Download Cyber Security in the Era of the Smart Home