The smart home technology is moving more and more toward IP. This article looks at what cyber-threats are facing the smart home and what measures may be taken to prevent them.
The
smart home technology is moving more and more toward IP. While this brings convenience, it also introduces certain risks, especially in the area of
cybersecurity. This article looks at what cyber-threats are facing the smart home and what measures may be taken to prevent them.
Needless to say, the home is getting smarter and more automated. Lights, air conditioning, cameras and home entertainment all work together to make the home more secure and energy-efficient.
A major enabler for this is a move towards IP. “The use of smart technologies in buildings has become an integral part of everyday life, offering convenience and flexibility for users. From lifts to heating, and from alarm systems to access control, the range of critical infrastructure connected to the network and communicating with each other and with smartphones and other IoT devices is increasing. IP technology has many benefits. These devices are easy to install and can be administered remotely or connected to third-party systems,” said Lukáš Psota, Marketing Product Manager at 2N.
But this migration to IP also introduces new risks. In particular, if unprotected, networked smart home devices can be easily hacked or compromised by hostile actors. In recent years, hackers taking control of IP-based devices, for example
baby cams, have been reported on numerous occasions.
There are other examples as well. “One risk could be the possibility of hacking the network via an IP intercom cable that is outside the house (for this reason, we support the 802.1X protocol) and wiretapping and monitoring what is happening in front of the building and the hallway. Intercoms protect the entrance of the building and have sensitive user data (access codes and card numbers), so it is possible that they can be attacked in this way. But it's not just about intercoms, it's about the whole access system – if someone hacks it successfully, they can create a new user and PIN, enabling access throughout the building,” Psota said.
Taking cybersecurity seriously
Indeed, with IP-based smart home solutions subject to various types of cyber-threats, it’s imperative that all stakeholders – vendors, installers and users – take cybersecurity seriously. “As is the case with any IoT device, connectivity opens up the possibility of cyberattacks from the outside. In this sense, a building’s cyber-resilience has become just as important as its physical security, and both must be guarded in tandem,” Psota said.
2N itself, for example, has added strong cybersecurity features into its solutions. “For us, the first step towards cybersecurity is the physical security of our products. In addition to the reinforced materials we use, a built-in mechanical or optical tamper switch helps to prevent unauthorised entry into the device,” Psota said.
Also according to Psota, secure communication is the backbone of IT security and attention must be paid to it, especially in areas where sensitive data is stored. Customer data in companies is therefore protected by functions and protocols integrated within devices, he added.
“This is done through a combination of mechanisms. For example, on the one hand, HTTPS data encryption is used for the connection between web browsers and servers. Port hijacking is then prevented by a point-to-point connection using the 802.1X protocol. This makes unauthorised access to the LAN port very difficult to obtain. SIP messages are also encrypted using a specific protocol, thus preventing man-in-the-middle attacks or identity theft, and voice data is encrypted using another protocol,” Psota said.
Finally, cybersecurity for the home is a two-way street; aside from the vendor, there are certain preventive measures the users can take to protect against cyberattacks. For example, to prevent hackers from unlocking the doors remotely, Psota recommends the following:
- Encrypted API (HTTPS) with different levels of permission (five different roles in the system) and modifying the configuration prevent hackers from attacking the device.
- Use a ring-fenced network where 2N’s solution does not need to rely on the cloud, which can be in a “closed” network preventing any remote access. This is an on-premises solution with an Access Commander Box.
- Customers are always encouraged to set up a strong password after the first login, which provides protection against dictionary attacks.