Smart home technology was designed to simplify users' daily lives. However, a smart home could instead cause data breaches, compromised privacy and botnet attacks through insecure products, system flaws, an IP camera hack, and malicious cyberattackers. With the increasing number of connected devices at home, awareness of home cybersecurity is also rising.
Smart home technology was designed to simplify users' daily lives. However, a smart home could instead cause data breaches, compromised privacy and botnet attacks through insecure products, system flaws, an IP camera hack, and malicious cyberattackers. With the increasing number of connected devices at home, awareness of home cybersecurity is also rising.
A smart home is made of several connected devices, such as smart TVs,
smart doorlocks, smart
light bulbs and smart speakers. The original idea of a smart home was to bring convenience to homeowners. This convenience gives smart home users the ability to check whether the front door is locked from anywhere via their smartphones; or they can control the light settings with their voice instead of walking to the light socket to manually adjust it.
However, all these connected devices have become security and privacy threats for homeowners. Recent incidents such as baby monitor hacking or data breaches from a smart home device have increased users' awareness of smart home security, and are even used as a reason for not installing smart home technology.
The home network is as an abstract concept for most users but can be imagined as a physical home, where the internet router or gateway is equal to the front door. Each new smart home device added to the network is like a new door or window. As a home network user, smart home network security can be thought of as whether each physical door securely locked, and whether the locks secure. “Just like in a physical home, once an entry point is breached, that's when the real damage happens," said Michael Palmer, Senior Product Manager at Trend Micro. In the case of smart homes, privacy violations, data and identity theft, and participation in botnet attacks are the possible outcomes of insecure smart homes.
Possible security threats in a smart home
There are some possible security threats when using smart devices at home.
Privacy violations: Connected devices such as security cameras, baby monitors and smart speakers have embedded cameras and microphones. When hackers gain access to these devices, they could view streaming videos, listen to the homeowner's activities, and even control security cameras, harming homeowners' personal privacy.
Identity theft: DNS hijacking is one type of attack which targets routers and changes the critical DNS server addresses that the router uses to translate domains into server IP addresses. When URL requests go to a malicious DNS server, onlinebank.com could be directed to a hacker's server. When a user logs in, the hacker could then attain user's online banking log-in information, to further take funds.“That's one of the examples. Once user's DNS settings have been hijacked, any online identity could be stolen in this manner," said Palmer.
Man-in-the-middle attacks: Hackers intercept communication between two smart devices in such attack. They not only breach but also interrupt communications between smart home devices. For instance, fake temperature data could be generated by an environmental monitoring device in a smart home and be uploaded to the company's cloud.
Participation in botnets: Botnets are large groups of compromised devices, normally routers and
IoT devices, which are used by hackers to attack a target. A famous example is Mirai, a cyberattack found in late 2016 which exploitedpoorly protected passwords in devices in homes. Mirai installed “bot” software on these devices and searched for other devices on the network to further infect.
Once infected, all these devices will be triggered to attack sites in a Distributed Denial of Service (DDoS) approach by forcing all these bots to make requests from a given website. In 2016, Mirai attacked a DNS company called Dyn, which was used by several well-known names such as Amazon, Reddit, Slack and Twitter. All of them were affected with service outages.
Most intrusions of this type of attack are on routers and cameras, as well as any OS-based device including smart home hubs. Around 14.2 billion connected devices are expected to be added in 2019, and by 2021, the total number will reach 25 billion, according to
Kumar Jayant,
Analyst, Electronics and Semiconductor
Research at MarketsandMarkets
data provided by Kumar Jayant, Analyst, Electronics & Semiconductor Research at MarketsandMarkets. "The increasing number of connected devices creates additional points of access in a home network; more access means more opportunity for unwanted entry, which increases the chances of getting hacked,” said Jayant. “It is estimated that approximately 80 percent of the overall IoT (internet of things) and smart devices are vulnerable to a wide range of attacks.”