Part I of “How to Protect Your Smart Home in 2020” Mini-Series

This content was also featured in the webinar “Your Private Smart Home” brought to you by IoTeX and NKN available now on YouTube.

It is probably no surprise that the number of connected devices has grown to nearly 20.4 billion today.  Many of these devices such as smart speakers, security cameras, and connected light bulbs are installed among the more than 40 Million Smart Homes to help make them safer, more convenient, or just more enjoyable.  However, these devices also hold sensitive information which makes it important to keep your smart home secure and protect your private data.  Let’s take a closer look at these devices and networks and provide some recommendations on what you can do today to help protect your smart home.

Smart Home Devices
Smart Home Devices

First, let’s talk about devices.  Today, devices are available in nearly every aspect of your home.  From the security of being able to monitor your front door with a smart doorbell to climate control using connected thermostats and lights, there are now more devices than ever to help you manage your life at home.  These devices connect the physical to the digital world.  For example a smart door lock will allow you to physically unlock a door remotely given the right digital permissions.  These devices are purpose built mini-computers with their own Compute, storage, and networking and because of that they also are subject to many of the same hardware/software vulnerabilities that your laptop, phone, or tablet may have. 

Smart Home devices also collect and share data.  If we take a look at the data life cycle of a typical device, the data is first acquired by a sensor which records the information,  For instance, a smart Thermostat may take a temperature measurement every minute in your house.  Some of this data may be processed on the device itself or sent to the cloud for processing and storage.  The decision of where to process the data has a lot to do with device performance both in terms of battery life and processing power.  If data is sent to the cloud, the wireless module transmits that data to a nearby hub or gateway which is then forwarded to the cloud application for processing. 

Data Life Cycle of Your Typical IoT Device
Data Life Cycle of Your Typical IoT Device

Now temperature data may not be all that important, but what if it were personally identifiable data.  For example a smart doorbell will use camera sensors to detect movement and record visitors to your home or even when you enter or leave your house.  In this case, it’s important to understand where your data is being stored or transmitted to best protect it.

Because many of today’s IoT devices have complementary cloud applications that need access to your device for management, data storage, and more you need to have an internet connection  The Internet connection in your home is terminated at the modem, and for convenience, that modem is often connected to a WiFi Router or access point to provide wireless access to the devices in your home. In order to support Low Power IoT devices, which are using wireless protocols such as Zwave or Zigbee, you will need to add a Smart Hub to your network.  The smart hub acts as a bridge between these low power IoT devices and your home network. It’s important to note that the modem, WiFi Router, and even smart hub can be combined into a single device within your home.

Smart Home Diagram
Smart Home Diagram

One of the reasons why the smart home has introduced new wireless protocols is to allow for wireless battery powered devices like door locks and smoke detectors.  Three of the most common are: Zigbee, Zwave, and Bluetooth or BLE.  Both Zigbee and Z-Wave are open standards.  Zigbee was developed by the Zigbee Alliance and uses similar frequencies as WiFi.  Z-wave on the other hand was developed by Silicon labs and while it offers slower speeds than Zigbee, it also uses lower power which translates to a longer battery life for its devices.  Finally, Bluetooth/BLE which is a popular radio already deployed in mobile devices like Mobile phones and laptops, is gaining in popularity with Smart Home devices as well although the ecosystem is still developing.

Now that we have looked at Smart home devices and their supporting network infrastructure let’s take a look at some of the vulnerabilities that these devices and networks have to malicious attack and provide some real world examples for contect.

Common Smart Home Security Attacks
Common Smart Home Security Attacks

Vulnerability Exploits 

In 2018, Researchers found 20 vulnerabilities in Samsung’s SmartThings Hub, allowing attackers to control smart locks, remotely monitor the home via connected cameras and perform other alarming functions.

Malware

in late 2019 SRLabs researchers discovered that Amazon and Google smart speakers were vulnerable to eavesdropping via malicious 3rd party Alexa skills or Google actions

DOS and DDOS

In 2016-2017, the Mirai botnet took advantage of stripped down unpatched linux based IoT devices by scanning for open ports and using default user/pass to gain access to devices and create a botnet army 

Man-in-the-middle attacks

In 2017, researchers discovered a remote exploit in the Zigbee wireless protocol would compromises Hue light bulbs paving the way for network attacks

Eavesdropping and Information Theft

Last year, authentication vulnerability in iLnkP2P enabled security cameras, baby monitors, and doorbells allowed remote attackers to intercept user-to-device traffic in cleartext, including video streams and device credentials.

In order to secure your home from these threats, there are a few simple configuration and maintenance activities that will help reduce your risk.  Below are 5 recommendations that you can do today to protect your smart home:

  1. Harden your home WiFi Router: reset and update your router on a consistent basis, close any ports that are not being used, and enable the router and device firewalls
  2. Separate your smart home devices from your regular home network: create a separate guest WiFi network to connect your devices to — “defense in depth”, layered security
  3. Change an factory-installed username and passwords: ensure all connected devices have unique combinations; if device credentials can not be updated, switch them out
  4. Update all firmware and software regularly: all of your devices receive over the air updates, including “fixes” for vulnerabilities — subscribe to updates from all manufacturers
  5. Review device settings for privacy and data sharing: don’t assume devices are pre-configured with your best interest in mind — turn off any non-essential features

Another way to improve the security and privacy of your smart home is to choose devices and services with security first approaches including those from IoTeX and NKN:

NKN is building the world’s largest shared network with hosted services like secure remote access that enable secure and private communications between your application and your smart home devices.  NKN’s collaboration with Mozilla offers a secure way to connect to your Mozilla WebThings IoT Gateway from anywhere in the world.  Find out more at: https://dataride.nkn.org/iot/

IoTeX is building the Internet of Trusted Things by offering highly secure and privacy-protecting IoT devices and ecosystems.  They offer the Ucam, a fully private home security camera and the Pebble tracker, a trusted asset tracking device.  Find out more at: https://www.iotex.io/