Outsmarting the smart home
Talked about heavily at ISC West in April, cybersecurity is the buzzword in the industry right now, as manufacturers and dealers on the residential side try to figure out how to navigate through the potential minefield of new smart home products and devices that may leave their security systems vulnerable to hacking.
In a study unveiled this week, Cybersecurity researchers at the University of Michigan were able to hack into a leading "smart home" platform and essentially get the PIN code to a home's front door.
Their "lock-pick malware app" was one of four attacks that the cybersecurity researchers leveled at an experimental set-up of Samsung's SmartThings platform, and is believed to be the first platform-wide study of a connected home system. The researchers weren’t picking on Samsung, as the overall goal of the research was to show how vulnerable these new connected home devices and systems are to hacking.
The researchers found “significant design vulnerabilities from a security perspective," noting that hackers’ attacks can “expose a household to significant harm—break-ins, theft, misinformation and vandalism. The attack vectors are not specific to a particular device and are broadly applicable."
The findings will be presented on May 24 at the IEEE Symposium on Security and Privacy in San Jose, in a paper titled "Security Analysis of Emerging Smart Home Applications."
At the very least, this study—as well as numerous stories of hackers finding their way into connected home devices, from smart TVs to baby monitors—raises important questions that manufacturers and dealers must ask themselves in this new world of advanced technology and interactivity.
As Samsung works out the kinks in its system, many other smart home companies can benefit from this study, as it sounds an alarm—no pun intended—of the importance of cybersecurity. While no system is completely immune from hacking, the research also underscores the fact that smart home companies and dealers need to make sure they are adhering to, at a minimum, the industry’s best practices and guidelines.
One resource is UL’s new Cybersecurity Assurance Program, a standard by which companies can have their products tested and verified by UL for guard against well-known cyber risks.
Having your products and systems third-party tested is a good first step in addressing any security flaws that may be present, as well as any potential fixes, and provides a measure of comfort for customers who are making their first forays into this bold new world of connected home technology.