When your home knows too much – Smart Homes & Hackers

26 September 2016


IoT and smart homes

You are probably familiar with terms such as the Internet of Things (IoT) and smart homes (as well as all sorts of “smart” things like smart cities, smart energy, smart cars…). Before going further into the topic though, let us define what these buzzwords actually mean.

The International Telecommunication Union defines the Internet of Things as “a global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies” (ITU, 2015). In other words, we refer to (interconnected) devices that sense, report and act on real-world data (Digital Trends, 2014). Smart homes apply this concept of IoT to our homes and connect a wide range of ordinary appliances and devices such as your lights, coffee machine, toilet, window blinds, etc., to the Internet and to one another. This connectivity also enables the remote controlling of these appliances.

The video below illustrates what such a smart home (perhaps your future home?) could look like.

Pretty cool, right? After all, who wouldn’t want to be able to check whether their home is locked without having to get back out of bed or wake up to a simulated sunrise and fresh coffee awaiting in the kitchen?

 

How hackable are smart homes?

While the video is not a very accurate representation of what our days look like (yet), the extent and speed at which we are approaching ever “smarter” lives should not be underestimated. For instance, there are currently over 10 billion connected IoT devices (Philips Hue lights anyone?), and SmartThings (Samsung’s IoT platform) already offers over 500 SmartApps for users’ homes while its Android app has been downloaded over 100,000 times (Business Insider, 2016)(University of Michigan News, 2016). Given this scale and prominence, one would assume that these devices are quite safe. But are they? It turns out that in addition to a hefty price tag, the resulting convenience of smart homes may cost us dearly in terms of privacy, safety and control over what is supposed to be our home.

I’m sure we can all think of horror scenarios in which our homes become our enemy; however, these scenes aren’t as far-fetched as one would think (and hope!). Although the entertainment industry certainly has a flair for the dramatic, there have been many exploited vulnerabilities in IoT devices over the past years. Examples include the online live streaming of over 70,000 private security cameras and hacks on home security systems that would enable thieves to disable your alarm, break in, and re-enable it after the theft (Network World, 2015)(Network World, 2014). Last year, DefCon (one of the world’s largest hacking conferences) even hosted its first IoT Village, in which IoT devices, in this case a Samsung smart fridge, were hacked (IOT Village, 2015)(Pen Test Partners, 2015). You may think, “It’s just a fridge, so what?” Well, the thing with IoT devices is that they are interconnected; hence, while it is certainly possible to mess with your shopping list, these hacks were also able to, among other things, get the owner’s Gmail credentials (ConsumerAffairs, 2015).

In addition, cyber security researchers from the University of Michigan performed what is considered the first system-wide security study on connected homes. Specifically, they tested Samsung’s popular SmartThings platform and were able to turn on the house’s fire alarm, add an additional code for the entrance door (essentially a secret spare key), set up an automatic text message to the hacker as soon as the door code is changed, and turn off the so-called “vacation mode”, which controls lights, blinds and so on for owners who are away (University of Michigan News, 2016).

 

Main issues

While there are many underlying issues leading to the vulnerabilities in smart home devices and the technical details behind them are out of the scope of this post, we can identify several key points:

  • Wi-Fi: if hackers can gain access to the network to which the devices are connected, they can easily attack the respective devices (TechRadar, 2016).
  • Overprivilege: the researchers from the University of Michigan found that over 40% of the SmartThings apps were granted more access than the apps actually requested – by default, the platform grants full device access (University of Michigan News, 2016).
  • Manufacturers: manufacturers have not invested enough in security, which is costly and very difficult for consumers to assess (Network World, 2015).
  • Lack of standards: security standards for the IoT are still being designed (Network World, 2015).
  • Default passwords: last but certainly not least, in many cases hacks occur because users do not change the default usernames and passwords. This was the case, for example, in the private surveillance camera incident mentioned above (Network World, 2015).
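
The overprivilege point above can be made concrete with a small audit. This is an added example, not code from the original post or from SmartThings; the device names, capability names and app manifests are constructed, and the "device-level grant" model (an app gets every capability of each device it is bound to) is an assumption used for illustration.

```python
# Added illustration: constructed data, not SmartThings code or its API.
# Assumption: a "device-level" grant exposes every capability of each
# device an app is bound to, even if the app asked for only one of them.

# Constructed device inventory: device -> capabilities it exposes.
DEVICES = {
    "front_door_lock": {"lock", "battery", "lock_codes"},
    "hall_light": {"switch", "level"},
    "smoke_alarm": {"alarm", "battery"},
}

# Constructed app manifests: app -> {device: capabilities it requested}.
APPS = {
    "battery_monitor": {"front_door_lock": {"battery"}, "smoke_alarm": {"battery"}},
    "sunrise_lights": {"hall_light": {"switch", "level"}},
    "auto_lock": {"front_door_lock": {"lock"}},
}


def device_level_grant(requested):
    """Platform default in this model: full access to each bound device."""
    return {dev: set(DEVICES[dev]) for dev in requested}


def least_privilege_grant(requested):
    """Grant only requested capabilities that the device really exposes."""
    return {dev: caps & DEVICES[dev] for dev, caps in requested.items()}


def excess(requested, granted):
    """Capabilities granted but never requested, per device."""
    extra = {dev: caps - requested.get(dev, set()) for dev, caps in granted.items()}
    return {dev: caps for dev, caps in extra.items() if caps}


def audit(grant_fn):
    """Return {app: excess capabilities} for overprivileged apps only."""
    report = {}
    for app, requested in APPS.items():
        extra = excess(requested, grant_fn(requested))
        if extra:
            report[app] = extra
    return report


def overprivilege_rate(grant_fn):
    """Fraction of apps holding at least one capability they never requested."""
    return len(audit(grant_fn)) / len(APPS)
```

In this constructed inventory, an app that only asked to read battery levels ends up able to operate the door lock and its codes under the device-level grant, while the capability-scoped grant leaves no excess at all.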

 

Summing up…

There are many appealing applications that in an ideal scenario may (considerably) aid our daily lives. Nonetheless, it is simply reality that in the end, anything connected to a network is hackable. The key is to make hacking these devices so difficult and/or expensive that it is not worth the time and effort, while always being aware of what we are potentially risking by opting for a little bit more convenience. Furthermore, as security standards are established, more vulnerabilities are exposed and consumer awareness increases, smart homes may become a viable reality.

To what extent would you be willing to compromise your privacy and safety for the added convenience of a smart home? And what do you think are the implications this has for the growing trend of smart cities?

For some additional examples and short videos feel free to visit CNN’s Your Hackable House: http://money.cnn.com/interactive/technology/hackable-house/

 

 

 

References:

Business Insider. 2016. How the ‘Internet of Things’ will impact consumers, businesses, and governments in 2016 and beyond. [ONLINE] Available at: http://www.businessinsider.com/how-the-internet-of-things-market-will-grow-2014-10?_ga=1.266641102.1532001313.1474814359. [Accessed 25 September 2016].

ConsumerAffairs. 2015. Hackers can steal Gmail passwords from Samsung “smart” refrigerators. [ONLINE] Available at: https://www.consumeraffairs.com/news/hackers-can-steal-gmail-passwords-from-samsung-smart-refrigerators-082515.html. [Accessed 25 September 2016].

Digital Trends. 2014. You can’t avoid the ‘Internet of Things’ hype, so you might as well understand it. [ONLINE] Available at: http://www.digitaltrends.com/home/heck-internet-things-dont-yet/. [Accessed 25 September 2016].

IOT Village. 2015. Motivation. [ONLINE] Available at: https://www.iotvillage.org. [Accessed 25 September 2016].

ITU. 2015. Internet of Things Global Standards Initiative. [ONLINE] Available at: http://www.itu.int/en/ITU-T/gsi/iot/Pages/default.aspx. [Accessed 25 September 2016].

Network World. 2014. Peeping into 73,000 unsecured security cameras thanks to default passwords. [ONLINE] Available at: http://www.networkworld.com/article/2844283/microsoft-subnet/peeping-into-73-000-unsecured-security-cameras-thanks-to-default-passwords.html. [Accessed 25 September 2016].

Network World. 2015. Smart home hacking is easier than you think. [ONLINE] Available at: http://www.networkworld.com/article/2905053/security0/smart-home-hacking-is-easier-than-you-think.html. [Accessed 25 September 2016].

Pen Test Partners. 2015. Hacking DefCon 23’s IoT Village Samsung fridge. [ONLINE] Available at: https://www.pentestpartners.com/blog/hacking-defcon-23s-iot-village-samsung-fridge/. [Accessed 25 September 2016].

TechRadar. 2016. How hackers are making your smart home safer. [ONLINE] Available at: http://www.techradar.com/news/world-of-tech/how-hackers-are-making-your-smart-home-safer-1320500. [Accessed 25 September 2016].

University of Michigan News. 2016. Hacking into homes: ‘Smart home’ security flaws found in popular system. [ONLINE] Available at: http://ns.umich.edu/new/multimedia/videos/23748-hacking-into-homes-smart-home-security-flaws-found-in-popular-system. [Accessed 25 September 2016].
