By SSI Staff · February 8, 2017
BOSTON — Smart home systems must be secure by design across products and services and the entire supply chain if the industry is to deliver on its pledges and meet ambitious market growth predictions, according to Beecham Research.
In its new report, “Bringing Security in the Smart Home: Approaches and Opportunities,” Beecham Research says that while connected appliances such as entertainment, lighting, home security and heating systems are already finding their way into typical households, there is a very real concern about security and privacy, which is holding back wider adoption.
In a press release, Beecham Research Principal Analyst Saverio Romeo states:
“Smart homes by their nature introduce connections between multiple systems at multiple touch points and create an intersection between many other systems, including vehicles, energy grids, media streaming and the cloud. An exploitable vulnerability in the home could lead to more serious breaches in any of the systems it touches, which complicates the security landscape. Whereas traditional network security focuses on fortifying, protecting and monitoring small numbers of routes to the network, an IoT [Internet of Things] environment has too many routes to effectively and economically secure in the same way. So, while many smart home devices are designed to be secure, the connections between them are often not protected.”
The report defines three main areas of risk: end-user expertise, new business models, and pervasive and persistent insecurity. Many users of smart home technology are not experts and may compromise security by way of default passwords, for example, allowing attackers to gain access to home networks and connected devices, including PCs and laptops. The problem is compounded by traditional consumer and household product companies rushing to develop connected products and services without adequate security knowledge or expertise. Moreover, given the long lifecycles of home products such as washing machines, attackers have plenty of time to reverse engineer security systems and protocols with the help of manuals and documentation available online.
These fundamental issues need to be addressed to deliver trust in smart homes, building on existing guidelines covering technology and policy along with services and customer support, according to Beecham Research. Concerted efforts by the likes of the Allseen Alliance, Open Connectivity Foundation, Open Interconnect Consortium, the IoT Security Foundation and OWASP (Open Web Application Security Project) are a positive move, but require more attention.
The report also points to a greater emphasis on security from home automation focused organizations including the likes of Z-Wave Alliance, the Home Gateway Initiative and the Thread Group.
“The smart home security market is behind the curve compared to the smart home products and services market,” says Romeo. “Most security is focused on devices and not very systematically, without strongly addressing connectivity and as-as-service models. This is in part due to the complexity of creating smart home systems and in part down to the level of risk that managed security service providers are happy to take on. But It is clear that the smart homes industry needs to be more proactive and take the lead rather than waiting to see where the next major threat comes from.”