Smart home systems must be secure by design across products and services and the entire supply chain if the industry is to deliver on its promises and meet ambitious market growth predictions, says a report published today by Beecham Research. In its report, ‘Bringing Security in the Smart Home: Approaches and Opportunities’, Beecham Research says that while connected appliances such as entertainment, lighting, home security and heating systems are already finding their way into typical households, there is a very real concern about security and privacy, which is holding back wider adoption.
“Smart homes by their nature introduce connections between multiple systems at multiple touch points and create an intersection between many other systems, including vehicles, energy grids, media streaming and the cloud,” says Saverio Romeo, Principal Analyst at Beecham Research. “An exploitable vulnerability in the home could lead to more serious breaches in any of the systems it touches, which complicates the security landscape. Whereas traditional network security focuses on fortifying, protecting and monitoring small numbers of routes to the network, an IoT (Internet of Things) environment has too many routes to effectively and economically secure in the same way. So, while many smart home devices are designed to be secure, the connections between them are often not protected.”
The Beecham Research report defines three main areas of risk; end user expertise, new business models and pervasive and persistent insecurity. Many users of smart home technology are not experts and may compromise security through using default passwords, for example, allowing attackers to gain access to home networks and connected devices including PCs and laptops. The problem is compounded by traditional consumer and household product companies rushing to develop connected products and services without adequate security knowledge or expertise – graphically highlighted by the hack of Mattel’s Hello Barbie doll. And with the long lifecycles of home products such as washing machines, attackers have plenty of time to reverse engineer security systems and protocols with the help of manuals and documentation available online.
Beecham Research believes that these fundamental issues need to be addressed to deliver trust in smart homes, building on existing guidelines covering technology and policy along with services and customer support. Concerted efforts by the likes of the Allseen Alliance, Open Connectivity Foundation, Open Interconnect Consortium, the IoT Security Foundation and OWASP (Open Web Application Security Project) are a positive move, but require more attention. The authors also point to a greater emphasis on security from home automation focused organisations including the likes of Z-Wave Alliance, the Home Gateway Initiative and the Thread Group.
“The smart home security market is behind the curve compared to the smart home products and services market,” says Saverio Romeo. “Most security is focused on devices and not very systematically, without strongly addressing connectivity and as-as-service models. This is in part due to the complexity of creating smart home systems and in part down to the level of risk that managed security service providers are happy to take on. But It is clear that the smart homes industry needs to be more proactive and take the lead rather than waiting to see where the next major threat comes from.”
The Beecham Research report is available at www.beechamresearch.com. The new focused report is an extension of a wider look at the Smart Homes market published at the end of last year entitled, ‘Smart Home Market – Current Status, Consumption Trends and Future Directions’.