Smart home security: whose responsibility is it?
Consumers today probably don’t consider their homes to be “smart”. The reality, however, is that connected or internet of things (IoT) devices they have attached to their home network can put their data and homes at risk.
The number of smart devices in people’s homes is expected to grow to 38.5 billion by 2020, according to Juniper Research, and includes everything from smart speakers to smart washing machines, all designed to make our lives more convenient. But securing these IoT devices individually is challenging due to the diversity of products and the systems they run on.
In the smart home, the router controls the flow of data transmitted by any device connected to it. These days, most are supplied by telecommunications and broadband providers – according to research conducted by IHS Markit, the percentage of Wi-Fi home gateways or routers provided by broadband providers is expected to rise to nearly 90 per cent by the end of 2019.
To help consumers protect their devices and their data, there is an opportunity for broadband providers and security vendors to collaborate to offer tools and protection services that make it easy for their customers to keep themselves safe online.
Attackers can penetrate any smart device through the home network if its entry point, the router, is not properly secured. Hacked IoT devices such as a smart thermostat or connected lights can indicate when a homeowner is away, putting their home at risk from burglary.
A smart device like an Amazon Alexa or Google Home could be used by criminals to open the front door, or collect personal data for other cybercriminals to exploit.
In supporting connected devices in the home, telecommunications providers are also targets. Cyber criminals can attack smart devices to enslave them and create a botnet. This can then be used to initiate distributed denial of service (DDoS) attacks to take down servers, which we have already seen happen to Dyn, Deutsche Telekom and Carphone Warehouse.
The problem is compounded by device manufacturers who are under pressure to produce smart devices and deliver them to market quickly, at an affordable price. A toaster manufacturer, for example, who may now be producing smart toasters, has never had to think about securing its products from hackers before.
Therefore, security may not be a priority and so their devices may be vulnerable to hackers or unable to accept security updates.
These trends have created a massive opportunity for cyber criminals. Consumers can take basic security measures to protect their smart devices but it’s not enough to provide the full protection they need.
It also relies on people to remember to manage software updates and to search out security products to protect their devices and data, which varies widely from person to person.
Telecommunications providers can help subscribers by offering security directly through tariffs and services direct to the users, making it a lot simpler to protect their smart homes.
by Gagan Singh, SVP & GM Mobile, Avast