Human beings have always sought ways to make their lives better, simpler and more comfortable. It is this hunger for a better life and more free time that feeds the ever-evolving nature of technology and internet use.
Industry experts note that the number of connected devices is exploding. The projections suggest that the number of connected devices will grow to over 8.3 billion in 2017. This is an increase from 6.38 in 2016. These figures include smart or robotic home devices such as TVs, refrigerators, lightening, garage doors, cleaning products, and security cameras all of which are part of home automation. See Robots In My Home for more examples. It is also important to note that the figures do not include devices such as smartphones, tablets and personal computers.
Today, the internet remains one of the most influential technologies in the world. The number of people connected to the internet continues to grow with increased internet penetration.
Between 2000 and 2016 for example, analysts estimate that the number of internet users increased to 3.2 billion from 738 million. In the United States, the number of internet users grew from 121.87 million in 2000 to 286.94 million in 2016.
As internet penetration continues to increase, so does the role of the internet in the day to day activities of human society. The fact that the internet is easily compatible with many modern-day devices also reflects its growing importance. The incorporation of the internet into devices helps to give rise to smart devices.
On the downside, the continued growth of the internet and internet-connected devices has the effect of increasing cybercrime.
HOME AUTOMATION: THE SMART HOME
Home automation is the use of computers/smartphones to remotely control home appliances and other technology-based functions such as heating and air conditioning. Users can control these devices from anywhere in the world as long as one is connected to the internet and the network of the devices.
Home automation is often synonymous with the concept of smart homes. Advocates of smart home technology associate it with benefits such as increased convenience, security, and comfort. Other’s have also recognized the green nature of smart home technology and particularly in enhancing energy efficiency.
The global home automation market in 2016 was $29.93 billion and is projected to reach $79.57 billion by 2022. The United States leads the home automation market. In fact, market reports suggest that by 2020, the number of smart homes in the nation will increase almost five times from that of 4.6 million recorded in 2015.
Some good examples of smart devices in an automated home include;
- Smart TV sets which allow users to browse the internet and use social media. Others have specialized functions such as face and gesture recognition,
- Smart lighting systems which allow users to control lighting remotely. Others also have motion recognition functions.
- Smart thermostats allow homeowners to control the temperatures of their home conveniently from anywhere. It is also possible to program some thermostats to operate automatically.
- Smart kitchen appliances allow such as smart fridges, smart washing machines, smart coffee-makers., smart slow cookers and even smart trash bins all help to increase convenience in the kitchen.
- Smart security cameras which allow homeowners to keep track of the on-goings in the home even when they are away. Some also come with smart motion sensors that can sense suspicious behavior and even notify authorities.
- Smart locks and garage doors make it easier for homeowners to secure their homes and open garage doors.
- Smart baby monitors help parents to keep a check on their infants as they sleep in the bedroom.
VULNERABILITIES OF SMART HOMES
Although smart homes are modern, eco-friendly and highly efficient, these technological homes also come with significant security risks. Security experts note that as consumer’s buy more smart home devices, they expose themselves to major security threats. These include theft, blackmail, and extortion among other threats.
Although cybercrime targeting smart homes is still low, experts project significant increases in crime as the number of connected devices rises. Cybercrime is also associated with increased financial burdens on the victim especially when a ransom Is involved.
Studies have revealed that home automation is susceptible to cybercrime thanks to some factors;
1. Internet of Things
(Source: TEDx Talks)
One of the biggest defining features home automation is the inter-connectivity of smart devices and their communication with each other. This communication often happens via wired and wireless protocols. Additionally, most of the communication between the devices occurs with minimal human interaction. This phenomenon, better known as the Internet of Things is quite common these days. In fact, it is not uncommon for homeowners to have more than five smart devices.
According to some industry analysts, Smart American homeowners will have an average of 8.7 smart devices in the home. While providing consumers with the ability to interact with their devices through a single protocol seamlessly, IoT also increases the possibility of cybercrime.
Indeed, security specialists note that is a huge challenge for homeowners to manage and monitor the security of too many devices. This also means that cyber-burglars and other cyber-criminals can access the smart home through multiple avenues such as the Smart TV, smart Fridge or even Smart baby monitor. This is unlike a conventional home where none of these pose any cyber-security threats.
2. SmartApps and Smart-Devices have too many Privileges
Often, smart devices perform specialized functions such as locking doors, turning an oven off/on or even helping to monitor a sleeping child. However, many smart devices also have other privileges such as the ability to use a camera or even provide the location of the smart device.
Unlike in smartphones, smart home devices commonly cluster these permissions together rather than asking for separate permissions from different functions. For example, cybercriminals can access homes and monitor the behavior of homeowners through surplus functions such as a camera in a baby monitor.
Additionally, a smart lock that can automatically open a door at a certain time can also automatically unlock the same door. Some studies suggest that at least 55% of smart-home devices and their related smart-apps have access to more functions and privileges than they need.
3. Insecure Communication Protocols
As noted earlier, home automation often depends on the inter-connectivity and communication between different smart devices. Communication often takes place on the local home area network via Wi-Fi, Bluetooth or even Near Field Communication protocols. Homeowners also regularly use smart devices such as smart refrigerators and smart television sets to send and receive messages and also interact with the world.
Unfortunately, most of these communication protocols are insecure and relatively open to cyber-criminals. The most worrying thing is that SmartApps often have access to messages that are not directly related to the core privileges of the device. For example, a smart door lock may have a smart application that reads and monitors its battery level. However, cybercriminals may also use such a SmartApp to listen in on messages that may contain the lock’s PIN code.
Some smart-home devices may also imitate smart home devices and even send out malicious messages that appear to originate from the actual device. This may happen if a malicious SmartApp gets access to the network ID of a device and uses this ID to create a false message. For example, a battery-level smart application may imitate the actual door lock and send a false message that the lock is closed when in reality it is not.
4. Insufficient Product Design
This is among the biggest vulnerabilities of home automation. Many manufacturers emphasize developing gadgets and devices that are convenient, efficient and useful in the home. A smart slow cooker, for example, enables homeowners to continue cooking even when away from home. While manufacturers do indeed achieve convenience and efficiency, many of them do so at the expense of adequate security measures.
Ultimately, many smart devices have questionable security measures. Some do not even have the most basic security functions. Others fail to separate security features from the normal functions of the product. This is a worrying trend particularly considering the increased occurrence of cybercrime
5. Poor Software Updating and Patching
Most developers of home automation devices do not provide regular updates or software patches. Security analysts note that regularly updating and patching up software is of absolute importance to cybersecurity. Some studies have asserted that up to 97% of cybercrime targets devices that fail to patch up the existing software vulnerabilities.
Homeowners are also at fault when it comes to software updates since some ignore or forget to update their devices. Additionally, the availability of commercial off-the-shelf software and open source software also increases cyber-security risks. These make it more difficult for vendors to track down and identify vulnerabilities.
6. Improper use of Devices and Applications
Although some security vulnerabilities in home automation technology are inherent, some are down to the homeowners. A considerable number of homeowners purchase smart devices without even understanding how to use them properly.
In many cases, homeowners are not even well familiar with basic device security protocols and measures such as configuring keys and passwords. It is also not uncommon for people to leave the webcams on devices such as a smart TV on even when they are not using them.
Cybersecurity experts note that homeowners should pay more attention to the way they use and even position devices in the home.
SMART HOME CYBERSECURITY INCIDENTS AND VULNERABILITIES
As noted earlier, cybercrime targeting smart homes is still relatively low. Nonetheless, some experiments and incidences alike have uncovered the risk of cybercrime in smart homes. While some of these incidences are from foreign countries, they are still a reflection of what could happen even in American homes.
1. Distributed Denial of Services Attacks (DDoS)
In this type of cybercrime, malicious individuals gain access to a server, network or website and subsequently cause a denial of service to the users of the targeted network. The attack, which often takes place from multiple systems, floods the network/system/website with messages, requests and malicious packets. Subsequently, this causes the network to slow down and possibly even crash.
In October of 2016 for example, hackers were able to compromise more than 100,000 Internet of Things devices using them to block traffic to websites such as Netflix and Twitter. News reports suggest that the cybercriminals in the October attack used botnets infected with malware known as Mirai to access and subvert DVRs and webcams. This malware scans the web for IoT devices that have insufficient security measures such as factory-default usernames and passwords.
This is also a perfect example of how cybercriminals can use home automation devices as a weapon. It is important to note that most of the devices affected by this attack were from a single manufacturer.
2. University of Michigan Experiment
The University of Michigan conducted an experiment in which it tested the cybersecurity of widely available smart home automation systems. From the experiment, the researchers were able to hack into the home automation systems successfully. Most worrying is the fact that they were able to open locks, change the pre-settings of home automation systems and even trigger a false fire alarm remotely.
3. DEF CON 24 Annual Hacker Convention
In this annual event, researchers sought to review and identify vulnerabilities in smart locks from different manufacturers. For the review, the researchers considered 16 different brands of Bluetooth enabled smart locks. The findings of the review indicated that 12 out of the 16 locks reviewed had insufficient security measures and were highly vulnerable to cyber-attack.
4. Baby Monitors Get Hacked
Smart baby monitors allow parents to keep track of their sleeping babies even when they are at work or running an errand. However, the cyber-security community asserts that smart baby monitors are quite susceptible to hacking and other forms of cybercrime. According to experts, this is mostly because of the inherent security flaws in most baby monitors.
In 2015, researchers examined and analyzed the security measures in 9 different models of baby monitors. The analysis determined that 8 of the devices were insufficiently secured and were therefore vulnerable to attacks.
In the real world, some parents have already reported incidences of hackers getting access to smart baby monitors and using them to hurl insults, threats and play pranks. Some cybercriminals also use smart baby monitors to study the lives and schedules of parents and their children.
In conclusion, as the number of smart homes increases, cybercrime is also bound to increase. Homeowners should keep themselves safe through simple actions such as regularly changing passwords and even ensuring that they update software regularly.