Our world is becoming increasingly connected and, in many ways, our lives revolve around the internet. It’s perhaps not surprising that we want to connect as many areas of our lives as possible.
The Internet of Things (IoT) is abuzz with the prospect of increasingly connected refrigerators, grills, climate control systems and coffee makers that can make everyday life a little easier.
Appliances are communicating with other appliances and homeowners, sensors are gathering data and tailoring their functions around the unique needs of the family, and household gadgets and devices can be managed at your fingertips — at or away from home.
In fact, Juniper Research projects the smart home market to reach $72 billion by 2018.
But as smart home features continue to emerge, so, too, are growing security concerns.
Research has highlighted a multitude of smart home security flaws, and some have already been exploited.
Automated technology on the market is fairly new, and there aren’t many security features built into them.
Some experts posit that manufacturers currently rely too heavily on the end-user to secure their devices. That’s why it’s important for real estate agents to have knowledge of these critical security frailties — so that curious consumers can be made aware of them.
Smart security systems
Let’s start with the more obvious (and ironic) of the home automation flaws: smart home security. Many connected consumers are outfitting their homes with Wi-Fi cameras, allowing them to control their devices and monitor their homes remotely with a smartphone app.
Last November, however, more than 73,000 internet-enabled cameras were hacked, and their footage was leaked on the web for all to see.
The issue here was a fairly simple one: customers didn’t think to change their passwords. This alludes to the misconception among consumers that, unlike PCs or credit cards, smart devices aren’t exposed to the same types of security breaches.
Aside from smart cameras, though, many connected homeowners are also integrating garage door openers and door locks to their smart security system, which presents an array of other security risks.
For instance, researchers at the University of Michigan were able to infiltrate a top-tier home automation system by using a malware app (among others) to obtain the PIN code to the front door.
Their findings suggest that smart home security is currently too flawed to be used where a security system is absolutely vital.
It might seem like a childish prank — someone hacking into your thermostat. There is even the case of the disgruntled husband who infiltrated his ex-wife’s connected thermostat with his smartphone, where he was able to manipulate the temperature to ensure his ex and her new beau’s lives were a little less glamorous.
But hacking into a thermostat might not be as harmless (or in this case, petty) as it seems.
The top-notch smart thermostats on the market gather information on everyone living in the home. With these data-gathering sensors, they know when people are home, the daily routines and schedules of the home’s inhabitants, when they’re awake or asleep and their preferred temperature levels.
In conjunction with an experiment conducted by the University of Central Florida, security researcher TrapX Security was able to hack into a leading smart thermostat device by “jail breaking” it during the boot-up process.
Once inside, they were able to co-opt other smart devices using the same Wi-Fi network and had access to sensitive information — like when people were or weren’t home.
It should be noted, however, that this kind of security breach necessitates getting access to the physical device. In other words, it’s a scenario that may be unlikely to play out in the real world — unless, of course, someone purchases a used device.
Again, hacking into a lighting system may bring to mind juvenile high jinks — teenage pranksters flickering the lights on and off while the bewildered family futzes around from room to room.
As annoying as that may be, it’s generally not perceived as a serious security threat. But once hackers have access to the lighting system, they also have control over the home’s electricity consumption, and the main issue here doesn’t just lie in exorbitant energy bills.
Like other smart devices, networked lighting may be used as a point of entry to the home’s entire automation system.
Researchers have leveled security breaches across a variety of lighting products that use a Wi-Fi network. Once a hacker has corrupted a connected light, authentication protocols used in either system can be overcome, thereby enabling the hacker to have control over the entire network.
Case in point: virtually any device integrated into a smart home can be used as a gateway to its central hub.
While it’s true that some of these discovered security risks have only been lab-tested (up until now), they also shed light on possible real-world applications.
There have already been cases of hackers invading baby monitors to yell obscenities into nurseries as well as the aforementioned internet-connected camera devices whose footage was unwittingly streamed on the internet.
Think of smart home security risks as a window left open in the guest room of the house. Sure, there might not be anything of value in that room, but it may offer access to the rest of the home.
The more integrated our technology becomes, the more sensitive information our gadgets and appliances can gather about us.
That data can be procured and used in ways we hadn’t anticipated, and well-known security risks associated with PCs and credit cards could become quite true for your connected climate control, security and slow cooker.
Anticipating the issues and concerns that consumers may have with smart home features means that agents need to stay ahead of the curve with the security risks associated with them.
Much like basic home security — door and window locks, sufficient outdoor lighting, home monitoring systems, etc. — smart technology will only be as effective as the connected consumers who use them.
Arun Ganesan serves as Vice President and Chief Technology Officer at Esurance, where he’s responsible for data management, cyber security, business intelligence, infrastructure and operations.