IoT: Smart Home Security Issues

Smart home includes a huge number of IoT-devices that collect and process data. They provide users with certain control over the apartment in both manual and automatic mode. In the smart environment, devices periodically exchange data over the web. This happens either directly from the device to the device, or through the cloud.

Due to the fact that all elements of the chain have access to the Internet, this makes them vulnerable to external attacks and endangers not only the user's information, but also his health. All this changes the paradigm of thinking, which reads: "My home is an island of security."
However, security is a 100% requirement for a smart home, no matter what anyone says. Today, it may include surveillance systems, monitoring systems (including health) and security systems that can be accessed remotely. They just need to be protected from intruders.
')
Responsibility for this must be borne by the manufacturers of these same gadgets. However, they often state that there is no point in dealing with such issues.



It cannot be excluded that with an increase in the number of smart devices, the number of control system hacks will also increase. Attackers who gain access to such systems can open a door or window with an electronic key and gain access to the bank accounts of residents of a smart home. Moreover, criminals can manually trigger medical device malfunctions.

HP has conducted a study of the market of intelligent systems in which she found that almost all systems have security problems.

The first problem is not strong authentication. The systems, despite having cloud and mobile interfaces, did not require setting passwords of sufficient length and complexity. Also, none of the systems blocked the account after a certain number of unsuccessful attempts to enter a password - it turns out that there was no banal brute-force protection.

Another problem was related to confidentiality. All systems collected any type of personal information: names, addresses, phone numbers and credit cards. This is of some concern as it creates a threat of identity theft.

It is also worth noting that the key feature of many home security systems is the use of video, which can be viewed through various interfaces. Confidentiality of such data is also in question.

Finally, experts called the last problem the lack of encryption during data transfer. Although all systems have encryption mechanisms implemented at the transport level, such as SSL / TLS, many cloud connections remain vulnerable to attack.

And this is a very important point: to eliminate unauthorized interference with the operation of the device, the exchange between the controller and the server must be encrypted using a key. “In the case of computer systems, the transfer of data for authentication in open form has long been nonsense. But, as it turned out, not for other industries, ” said Denis Legezo, antivirus expert at Kaspersky Lab.

According to Deputy Director General of Zecurion Alexander Kovalev, problems with the security of the Internet of Things consist in too rapid market development and often uncontrolled adaptation of the technology: “Users simply do not understand all the capabilities of these devices, and suppliers are still engaged in the development of the technology itself and do not attach enough importance to security” .

And this is normal, computer viruses also did not appear immediately. “As long as these vulnerabilities were not exploited by the attackers, neither users nor manufacturers will spend time and money protecting IoT devices,” Kovalev said.

According to Denis Legezo, this is due to the fact that the attitude to smart things remains the same. That is, it is as if these are ordinary objects to which everyone is used, and it does not matter whether it is a car or a television.

“But this is another device that can not only move or show television programs. Accordingly, it’s necessary to think about them in a different way, and to defend in a new way, ”the expert notes.

In his opinion, it is enough to distract from the main function of the technology and begin to perceive it as a computer network in order to notice the gaps in information security.



Asking these questions, Google, Samsung Electronics, Silicon Labs, and several others have teamed up to develop a new wireless network standard specifically for smart homes. He called Thread. Thread uses IPv6 and is built on the IEEE 802.15.4 standard, and its main advantage is security. Up to 250 devices that are protected by encryption of the banking system level can be in the network at the same time.

Another feature of Thread is transparency. The user sees a list of all connected devices, thanks to which it is easy for him to determine what is connected with what. Currently, there are a number of solutions for smart homes (ZigBee and 6LowPAN) that can easily begin to support the proposed standard without hardware changes — in their case, you just need to update the software.
Of the devices already supporting Thread, it is worth noting thermostats Nest.

“From year to year, we hear that in the end there will be only one protocol that will be used everywhere,” said Piper, Reza Kazemi, expert in product policy. “But every time a growing number of products appear on the market, communicating in their own" language. " But who knows, maybe Thread will be the “silver bullet” that will solve all the problems described above.