Earlier this month, Rambus Sr. Director of Security Products Asaf Ashkenazi wrote an article for Semiconductor Engineering that discusses the importance of securing smart homes. As Ashkenazi notes, OEMs are inadvertently creating major security risks in their rush to market by shipping smart home products with inadequate security and un-patched vulnerabilities. In fact, an estimated 80% of IoT devices are vulnerable to a wide range of attacks.
“For example, a connected home door lock is designed to collect and transfer data to the cloud about the entry and exit habits of family members. This can be exploited if the smart door lock device is compromised by cyber criminals,” he explained.
“Similarly, a smart thermostat that collects usage data for real-time energy optimization must be designed to protect information from unauthorized access that could indicate a home is empty – making it an ideal target for burglars. Even connected baby monitors are vulnerable to digital intruders, as a number of horrified parents belatedly discovered when hackers spoke to their young children via compromised devices.”
According to Ashkenazi, common cyber security threats and attacks against smart home devices include data and theft, man-in-the-middle, device hijacking, Permanent Denial of Service (PDoS) and Distributed Denial of Service (DDoS). In terms of the latter, says Ashkenazi, a Denial-of-Service Attack (DoS attack) attempts to render a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
Meanwhile, a Distributed Denial-of-Service attack (DDoS) sees incoming traffic (originating from multiple sources) flooding a target, making it difficult to stop the cyber offensive by simply blocking a single source.
“In fact, DDoS attacks doubled from 3% to 6% in 2016, primarily due to the lack of security in IoT devices. This isn’t surprising, especially as infected devices are forced to join vast botnet armies that execute crippling DDoS attacks,” he added.
As Ashkenazi emphasizes, there is obviously no shortage of threats targeting IoT endpoints. As such, connected smart home devices should be protected by a comprehensive IoT security solution (device to cloud) that does not disrupt an OEM’s profitability or time to market.
“A practical and simple, yet secure solution that can be easily and widely adopted by OEMs and services is more effective than a ‘super solution’ that will inevitably fail to gain serious traction. More specifically, a comprehensive IoT security solution should offer secure boot, mutual authentication, secure (encrypted) communication, as well as agnostic capabilities that are scalable and interoperable across multiple devices,” he concluded.