As smart homes grow smarter, what’s the likelihood that the connected systems within will be smart enough to resist being hacked?
Unfortunately, it is not very likely; at least, not without further security considerations, say experts who worry about such devices as "smart door locks" unlocking to admit strangers, and "smart home security cameras" or children’s toys with built-in Webcams taking unauthorized images and then posting them online. That is because the manufacturers of home-automation devices and their access-control systems apparently do not set security or privacy as top priorities, they say.
"In the last few years, these devices have become more affordable, and the ubiquity of smartphones and the ease of application development have offered new opportunities for remotely managing them," according to the paper "The Current State of Access Control for Smart Devices in Homes," written by Jaeyeon Jung and Stuart Schechter at Microsoft Research and Blase Ur, a doctoral student at Carnegie Mellon University.
"While the interactive features of connected devices can benefit users, they can also introduce opportunities for abuse," says Jung, who specializes in connected sensing and recording devices in the home. She describes three primary concerns:
The most important devices to secure first, says Jung, are those that are critical for the physical security of the home, like door locks and home security cameras, followed by devices that collect sensitive information in the home, like sleep monitors equipped with Web cameras.
Jung and her collaborators are working on a prototype of an auditing interface for connected devices configured as a Web interface, which can also be accessed via smartphone.
"Given that the prototype needs to go through an iteration at this moment," she says, "we believe it would be premature to make it publicly available. However, we hope to release a research paper on the prototype before the end of March."
Work on the prototype has been made possible by what Microsoft Research is calling its Lab of Things (LoT), a flexible platform for experimental research on connected devices in homes. LoT enables easy interconnection of devices and implementation of application scenarios using the HomeOS operating system [see video]. LoT is restricted to academic research – the LoT license doesn’t allow commercial use – and a partial list of the projects using LoT is available here.
Tadayoshi (Yoshi) Kohno, an associate professor of computer science and engineering at the University of Washington, believes too few manufacturers view security and privacy as a primary goal. "What I would urge them to do are three things," he says:
While Kohno believes it may be premature for consumers to worry about attacks on connected systems in their home, manufacturers should be concerned, he says, especially since 90 million homes could employ such systems by 2017, according to ABI Research.
"The manufacturers make today about, say, what protocols to use, may have ramifications five or 10 years from now as these devices become more and more ubiquitous," he says. "We don’t want them to suddenly realize, then, that they made a really big mistake by not fundamentally considering security from the get-go."
No entries found