Keeping cyber intruders out of the smart home


How smart can a smart home get? Today, security professionals are pushing boundaries to provide innovative solutions that we could only have dreamed of 25 years ago. While home automation has become a convenient normality in residences across the world, its scope has extended far beyond simply turning lights off and changing the temperature with one’s voice … and hackers are noticing.

Automation not only improves daily lifestyle, but also provides a security solution accessible from anywhere. Where there is convenience for end users, there is also convenience for hackers.By using devices that connect to the Internet, there are inherent security risks. It is the job of the security dealer and systems integrator to be sure their clients are protected.

Let’s investigate some simple steps to help deliver on that responsibility.

Wireless Vulnerabilities
Cyber-attacks are expected to increase, especially as home automation technology continues to evolve and becomes more readily available at a reasonable price. Hackers do not care about someone’s business, livelihood or peace of mind. It’s critical that security dealers and systems integrators ensure that home automation systems can exist in a way that will not pose a cybersecurity threat. Homes should be a safe haven, and it is the integrator’s job to keep it that way.

Still, this increase in home automation attacks is forcing security professionals to ask themselves: Why home systems now? Automation is nothing new, but using it as a tool to gain access to more sensitive systems is. Wireless doorbells, keyless entry, digital thermostats and lighting systems are a few of the ways hackers are gaining access to homes today. Because the systems in a home automation setting are controllable via Bluetooth or Internet connection, it opens the door for hackers to use a seemingly innocent device, such as a wireless doorbell, as a point of entry.

This allows them to then gain access into something of higher importance, such as a computer. From there, hackers can gain access to a users’ most private information, including banking information, passwords or lock/unlock schedules. Homes equipped with automation are being targeted because they have multiple devices that connect to the Internet and, as we know, an Internet connection means cyber vulnerabilities.
The more devices a user has, the more vulnerable they are to cyber-attacks. Once a hacker gains entrance to a home system, users fall vulnerable to cyber physical attacks.

Cyber physical attacks occur when hackers are able to intrude over the wire/Internet and enable an action such as disabling security systems and then physically enter homes to steal or hack information directly rather than remotely. Home automation opens the door to new threats both literally and figuratively.

Basic Cyber-security Steps

When it comes to designing a system, there are three key points to keep in mind to ensure the highest levels of security are upheld.
1. Multi-factor Authentication
Multifactor authentication protects data while simultaneously assuring that the homeowner is indeed the homeowner. Hackers can guess passwords but the odds of them breaching multiple levels of authentication are slim. The more factors set in place create the reduced risk of an intruder gaining access to a private system. It is best to combat attacks before they happen, rather than wait for a system to be compromised. As the saying goes, it is not a matter of “if ” a user will fall victim to a cyber-attack, but rather when. Multiple layers of security are a good practice to deter potential hackers.

2. Encrypt the System

This probably seems obvious, but is the first line of defense against potential threats. It is one of the best methods of safeguarding privacy. This is especially important when protecting people’s homes. We live in a world of constant connectivity — whether through phone calls, emails, online purchases or social media. Actions that seem innocent, such as setting up a recurring delivery for pet food, can actually pose some big threats.

Hackers are becoming increasingly interested in targeting homes because, unlike major corporations, most system users are not security professionals. IP-based systems in homes have not traditionally had the same level of security as those in the corporate world.
Homeowners believe once a system is set up, they are good to go. With the right integrator, only after security measures have been implemented, this is the case. Without encryption in place hackers can easily intercept online logins, banking information, and can discover schedule patterns for when doors are locked and unlocked, such as when people are home.
Gone are the days when passwords were enough to secure your life from intruders. Integrators need to encrypt everything to be sure cyber integrity is upheld.

3. System Updates
If the system is not regularly updated with patches, then over time hackers will find new ways to infiltrate it. Just as humans need a new flu shot every year to protect against changing virus strains, security systems require the same level of routine maintenance.
The industry is constantly evolving for the better. However, as fast as new technologies evolve, so do new hacking methods.

Integrators should always think ahead and anticipate what might be a vulnerability in any system. While a low-cost device, such as a motion sensor outside the home, will save the user money, it can also enable some activity that could ultimately raise a risk for the homeowner.

In some instances, this can force both the integrator and the user to compromise. If you cannot trust the connectivity of a particular device that is costly, you may opt to use a less-modern solution, such as wires, that use technology that is not accessible from the Internet. It is important to not just look for the cheapest solution, but to implement the one that will not raise the risk level for end users.