Talk about your homeland security.
It’s called the “Internet of things.” And it’s made up of smart devices that allow homeowners to control a light switch or thermostat, lock doors and close the garage, and watch surveillance feeds of their home with a smartphone or tablet.
But as the Internet of things expands, and our wireless world impacts more moving parts in the real world, homeowners and industry experts continue to question the security and reliability of smart home technology.
Video: Is My Home Automation Secure?
Stay in control of your home
Ethical hacker Daniel Crowley works as a senior security consultant for the SpiderLabs team at Trustwave, an international information security company headquartered in Chicago. Crowley co-authored a 2013 report entitled “Home Invasion 2.0” about security flaws in common smart-home devices.
“It’s been a year since our research, but people are still finding very silly flaws in smart-home devices,” he says.
The report lists a number of devices and how the researchers hacked into them. The researchers concluded: “Considering that many of these devices have control over the physical world, the poor security measures suggest that introducing network-controlled embedded devices into one’s home or business puts one at risk for theft or damage.”
According to Crowley, it doesn’t take a skilled hacker to exploit known security issues.
“With some of the flaws, it’s incredibly easy,” he says. “With one of the flaws that we found, it was possible for anybody who could do a Google search and click buttons to take control of somebody’s home.”
This is why it’s important to hire a skilled and experienced professional to install and configure your system. Protecting one’s home from a virtual invasion takes knowledge, skill and the right hardware.
“Just a small error on a checkbox here or there can mean a big difference in system operability, reliability and security,” says Dave Pedigo, senior director of learning and emerging trends for the Custom Electronic Design & Installation Association (CEDIA).
Fix the problem before it starts
According to industry experts, homeowners still face two main problems with smart home technology:
• The different devices developed by different manufacturers don’t communicate well with each other, which can cause malfunctions or security breaches.
• Homeowners have to use too many apps — one for the lights, one for the thermostat and so on. New hardware and mobile apps, such as Wink, allow homeowners to control their smart devices with one program, instead of a different one for every device in the home.
Sean Weiner, CEDIA member and owner of Starr Systems Design in Baltimore, Maryland, says problems often occur when homeowners install too many devices on a network without the help of an expert. Too many apps and too many devices that can’t communicate with one another slow down the network.
“More sophisticated systems allow this interaction, but require custom programming and/or configuration to function at the highest level,” Weiner says. “This can be challenging for homeowners, particularly as their lifestyles and routines change.”
To secure your smart home, Crowley suggests putting all home automation systems on a separate secure personal network, so their security issues don’t compromise personal information on your computers or other electronics. He also advises regularly checking for updates, which patch security breaches.
According to Crowley, when ethical hackers expose a security flaw, they publish the findings online to inform the public and hold manufacturers responsible. So before installing that new security camera, search online for the product’s name along with “security flaw.”
Who’s responsible for the security breach?
Homeowners’ issues, Crowley says, are often the manufacturer’s fault for not fixing something that’s clearly broken.
“It’s like asking, ‘What do I have to do to make my car more safe to drive?’ Well, certainly there are things you can do,” he says. “But it’s really the manufacturer’s fault if somebody hits your bumper and your car bursts into flames.”
Sometimes manufacturers do fix the problem. Recently, when researchers discovered that wifi-enabled LIFX LED light bulbs could be hacked and give away personal network information, the company released a patch soon after. But security updates aren’t effective unless the homeowner constantly checks for them.
Weiner says the industry continues to enhance the security of these devices, but technology takes time to evolve.
“There are rarely guarantees, but at this point, we have not seen large-scale attempts to hack home automation systems,” Weiner says. “If we want that to continue, it is the obligation of every homeowner, integrator and manufacturer to be mindful of the potential dangers and take every precaution possible to protect the integrity of the systems they install.”
Editor's note: This is an updated version of an article originally posted on July 17, 2014.
Are you concerned about someone hacking your smart devices? Share your thoughts with us in the comments section below.
