Will 2020 be the year home IoT cyber attacks get serious?

David Maher, EVP & CTO of Intertrust

When it comes to disruptive change, the emergence of the smart home is driving demographic, economic, and technological advancement as never before, says David P. Maher, executive VP and chief technology officer of Intertrust. This application of IoT, where private households and the devices that run them are connected to the internet, is creating an ecosystem that grew to more than 6.2 billion devices last year alone and is expected to grow to 7 billion by the end of 2020.

While these figures generate excitement in the consumer electronics industry, they also represent a surge in the number of vulnerable home IoT devices. As a result, providers of home IoT platforms, intelligent assistants, and connected services of all types are now moving to adopt a ‘comprehensive systems’ point-of-view to ensure that incumbent consumer-oriented issues like usability, convenience, privacy, and security are addressed in a unified way.

Home IoT platform providers such as Google, Apple, Amazon, and virtually every provider of home-oriented devices appear to have come to the important realisation that consumers have not been able to enjoy the full potential value of home IoT, and never will, until fundamental ease-of-use and security issues are addressed.

Everything from device identity and naming to safe and secure discovery must become much easier for consumers. Just as important, a more comprehensive, yet lighter-weight form of interoperability is needed to allow new services to help coalesce a homeowner’s IoT devices into a coherent and usable system that offers real convenience, security, and privacy.

This year we are certain to see a real “connected home over IoT” approach. This reflects the important work advanced by the Project Connected Home over IP, an industry working group that aims to develop and promote a shared vision that smart home devices should be secure, reliable, and seamless to use.

Home IoT devices bring both vulnerabilities and frustration into the home. However, there is an opportunity to make them work with a new class of integrated services that merge both physical security and cybersecurity capabilities that are simple for consumers to use and understand.

Intelligent services, not just intelligent assistants, can also help ensure that when a new device is added to a system, it serves as a defensive sentinel, rather than an attack point for intruders. Technologies will help, but so will standards for device and application security self-defense.

So far, the home IoT industry has largely avoided debilitating cyberattacks, however as smart home technology comes into the mainstream, this could be the year that such attacks become real. It is crucial that the industry as a whole realizes that the clear and present danger of vulnerable home IoT networks is the real security issue, and take appropriate action to reduce this threat.

Many home IoT devices are sorely lacking when it comes to protecting users, something that cyber intruders have also noticed. A Honeypot survey revealed that cybersecurity company F-Secure saw a 12-fold increase in attacks by way of protocols used by IoT devices and Windows. Much of the attack traffic came from the Mirai malware that was first noticed back in 2016. While certainly troublesome, so far Mirai has served mainly to collect compromised home IoT devices into botnets for DDoS attacks on servers and has generally left device owners alone.

History doesn’t portend an optimistic state of affairs to continue. The first internet worm, called the Morris Worm, was introduced more than 30 years ago. It wasn’t until 7 to 10 years later that truly destructive virus attacks appeared in the wild, spawning today’s cybersecurity industry. It’s only a matter of time before cyber intruders find valuable targets in the smart home using malware that will open the floodgates to a new set of vulnerabilities.

With the sorry state of home IoT security, home owners usually rely on network security, often provided through their ISP. One important point that is often lost is that IoT devices are actually operating in an environment comprised of a network of networks. For example, many home IoT devices shipping today support both WiFi and Bluetooth. Network security measures may address the WiFi network but not the Bluetooth network. Enterprising cyber intruders could potentially use the Bluetooth network to compromise IoT devices in the home, or mobile devices could be compromised and introduced into a home network.

These devices are often ‘hyperconnected’ in that they can communicate with any number of servers participating in cloud service ecosystems for which the device is a member. Each of these represent yet another potential path for bad actors to attack home IoT devices. Not only is network security insufficient to protect many potential paths of attack, but once a compromised device is introduced it can easily become a vector for infecting other devices on the same network. The entire smart home network must then be considered compromised, a proverbial ticking time bomb for the homeowner.

The limitations of network security places the onus on developers of home IoT devices to adopt a security strategy based on a zero-trust principle. In a zero-trust security posture, a device cannot rely on other devices in its environment for security. Every single device must be resistant to security attacks as they are potential entry points to more valuable and sophisticated targets. In fact, the FBI has issued a warning on “drive-by” hacking, whereby attackers use unsecured devices to get to the router and gain access to everything on the home network.

An overall systems approach to security will take the entire home network into account, from lightbulbs and speakers to phones and laptops. While strong security can be employed in simple devices, the practice needs to become more commonplace and supported by cloud-based services. But even if all home IoT devices were to start shipping with appropriate security tomorrow, there will still be a myriad of “orphaned” devices already installed with indeterminate chances of being updated.

The solutions to address home IoT security vulnerabilities are becoming more difficult as time goes by which only emphasises the need to address them now.

The author is David P. Maher, executive VP and chief technology officer of Intertrust’s

About the author

David P. Maher is Intertrust’s executive VP and chief technology officer. With more than 30 years of experience in secure computing, he holds dozens of patents and has published papers in the fields of mathematics and computer science. A consultant for the National Science Foundation, National Security Agency, National Institute of Standards and Technology, and the Congressional Office of Technology Assessment, Maher holds a Ph.D. in Mathematics from Lehigh University.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Nordic-powered smart utility access cover offers anti-theft protection and detects open/close events

Posted on: August 16, 2022

Oslo, Norway – China-based Jian-IOT has launched a smart utility access cover that can detect when the cover has been opened or closed, records water level and temperature data, identifies any damage, and includes an anti-theft system that tracks the current location of the device. The ‘Integrated Intelligent Manhole Cover’ employs Nordic’s nRF52832 SoC to both act

Read more

Helbiz to offer on-demand taxi services to widen international intermodal offering

Posted on: August 16, 2022

New York, United States – Helbiz, a global provider in micro-mobility, announced the beginning of a new chapter for its intermodal mobility offering, Helbiz Taxi. The micro-mobility company aims to integrate mobility services around the world in its app to widen the intra and extra urban mobility offerings to include vehicles from additional companies with

Read more
FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox