How secure is your IoT ‘home security’ system?

Following news this week that vulnerabilities have been found in the Xfinity Home Security system provided by Comcast, the world’s largest broadcasting and cable company* it is fair to ask how secure ‘IoT security’ systems really are. As Jeremy Cowan asks, who guards the guardians? 

Wired.com reports, “Philip Bosco, a security researcher at Rapid7, found vulnerabilities in Comcast’s Xfinity Home Security system that would cause it to falsely report that a property’s windows and doors are closed and secured even if they’ve been opened; it could also fail to sense an intruder’s motion.”

Rob Miller, head of Smart Energy at MWR InfoSecurity, tells IoT Now, “There is a belief in the IoT (Internet of Things) community that using a wireless protocol such as ZigBee means that the device is secure. ZigBee has a number of very effective security features such as encryption of communications, but it is not a silver bullet. (To see a home security guide comparing rival  systems go to: https://www.reviews.com/home-security-systems/)

“Developers of IoT need to consider the unique security risks of their products rather than assuming that they have already been solved for them. Many attacks such as denial of service, capture and replay of messages and side channel attacks could undermine an otherwise secure product.”

Rob Miller, head of Smart Energy, MWR InfoSecurity
Rob Miller, head of Smart Energy, MWR InfoSecurity

“IoT is a rapidly growing area, as seen at this year’s CES 2016 conference. Making a device smart is seen as a way of gaining a competitive edge in a range of products, from fitness to home security,” says Miller. “This advantage is strongest when your product is first to market whilst also being efficient and practical. Building a competitive device requires short development times, reduction of component cost and reduction in power usage. This often means that security is marginalised in an attempt to get the product out the door at a reasonable price. The consequences for a simple smart device may be minimal, but when these devices start controlling our burglar alarms or car doors, then the priorities must be adjusted.”

Failures in IoT security

IoT Now asked where the risks lie in IoT security?

“There are two races happening at the moment that are leading to security failures in IoT. The first is over which wireless protocol will become the de facto standard in IoT.  Developers and manufacturers of wireless protocols and hardware need to be clear not only what security features their solutions have, but also how to use them safely and where their limits are.

“The second race is which IoT products will become the ‘must haves’ for 2016.” Miller concludes that, “IoT vendors should consider not only the impact of being first to market, but the impact to their brand when the security of their products is exposed to the world.”

* (largest by revenue)

Comment on this article below or via Twitter: @IoTNow_  OR  @jcIoTnow

 

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

Infineon and Rainforest Connection create real-time monitoring system to detect wildfires

Posted on: October 22, 2021

Munich and San Jose, California, 21 October, 2021 – Infineon Technologies AG a provider of semiconductors for mobility, energy efficiency and the IoT, announced a collaboration with Rainforest Connection (RFCx), a non-profit organisation that uses acoustic technology, Big Data and Artificial Intelligence / Machine Learning to save the rainforests and monitor biodiversity.

Read more

Infineon simplifies secure IoT device-to-cloud authentication with CIRRENT Cloud ID service

Posted on: October 21, 2021

Munich, Germany. 21 October 2021 – Infineon Technologies AG launched CIRRENT Cloud ID, a service that automates cloud certificate provisioning and IoT device-to-cloud authentication. The easy-to-use service extends the chain of trust and makes tasks easier and more secure from chip-to-cloud, while lowering companies’ total cost of ownership. Cloud ID is ideal for cloud-connected product companies

Read more