Easing the end-user’s responsibility for smart home security
Easing the end-user’s responsibility for smart home security
Date: 2019/08/21
Source: Elvina Yang
End-users are often reminded to change default username and password settings for a secure home network. A device maker and system provider should do more to protect their smart home by creating a friendly user experience, testing the network regularly and working with third-party experts to establish a secure design process.
With more and more cyberattacks taking place on a daily basis, consumers are becoming more concerned with the safety and security of a smart home. "Privacy concerns and fears of being hacked prevent some of the consumers from adopting smart home technology," said Kumar Jayant, Analyst, Electronics & Semiconductor Research at MarketsandMarkets.
"Some consumers even perceive that having a smart home device would eventually mean sacrificing personal data about their daily habits to the technology giants manufacturing those devices.”
The first step for a device maker and a home system provider, Jayant suggested, is to educate consumers about regularly password changes and security updates. Default passwords for popular home devices are attainable on various websites, leaving devices vulnerable to hacking. Smart home companies could, for example, send notifications to users regularly for password changes and suggest them to have a strong password that incorporates numbers, letters, upper and lower cases and symbols. Besides reminding users to set up a strong password and change it regularly, smart home companies should take the most responsibility when it comes to cybersecurity.
"The main principle is to remove as much of the security burden from the end-user as possible," said Michael Palmer, Senior Product Manager at Trend Micro. "While educating the general public about the smart home, security is essential for awareness, it is unrealistic to expect nontechnical consumers to manage their own security. Players at each layer in the ecosystem should focus on how to make their devices or services as secure as possible without end user decision-making.”
The Home Network Security solution by Trend Micro, for instance, helps users in a smart home strengthen safety and protection from cyber threats with an easy approach. Users only need to plug the Trend Micro Home Network Security station into their wireless router, download the mobile app then pair the app and the station. According to Palmer, Trend Micro Home Network Security is able to stop hackers and network attacks, block dangerous websites and files, monitor usage, and block unfamiliar devices and applications connected to a home Wi-Fi.

Regular testing and working with third parties

Incorporating a security-based design approach is critical for smart home cybersecurity, no matter if it is for smart home system providers, device makers or security service providers. "Security aspects must be considered at all levels of product development," said Jayant. They should, for instance, add data encryption, provide communication protocols limitations, suspicious traffic detection, make security configuration become a part of the set up, and add an intuitive security interface for problem-solving.
"Device makers need to make default settings the most secure and ensure that users are always on the most secure version of their software by automating firmware updates. They also need to make sure that glaring vulnerabilities like hardcoded credentials and unused but critical services like Telnet are locked down before going to production," Palmer said.
Device makers and system providers should also perform regular vulnerability testing to monitor the security aspects of current devices in the market, and ensure regular risk assessments and security audits for minimizing the chances of cyberattacks. "Such testing is crucial for evaluating the security infrastructure, which is eventually enhances device performance and maintenance in the longer run," said Jayant.
Device makers and system providers, Jayant further recommended, could work with third-party security specialists to discover any design inconsistencies and flaws and to ensure security aspects of any smart devices aren't compromised at all levels. Device makers and system providers are now largely working on providing enhanced security features such as data management, identity protection and privacy, as well as offering an image that having a smart home isn't definitely vulnerable to cyberattacks.
"Hopefully, with the growing confidence and privacy awareness measures (across the entire value chain of smart home), smart home adoption will eventually increase in the coming years," said Jayant.