Will 2020 be the year home IoT cyber attacks get serious?

David Maher, EVP & CTO of Intertrust

When it comes to disruptive change, the emergence of the smart home is driving demographic, economic, and technological advancement as never before, says David P. Maher, executive VP and chief technology officer of Intertrust. This application of IoT, where private households and the devices that run them are connected to the internet, is creating an ecosystem that grew to more than 6.2 billion devices last year alone and is expected to grow to 7 billion by the end of 2020.

While these figures generate excitement in the consumer electronics industry, they also represent a surge in the number of vulnerable home IoT devices. As a result, providers of home IoT platforms, intelligent assistants, and connected services of all types are now moving to adopt a ‘comprehensive systems’ point-of-view to ensure that incumbent consumer-oriented issues like usability, convenience, privacy, and security are addressed in a unified way.

Home IoT platform providers such as Google, Apple, Amazon, and virtually every provider of home-oriented devices appear to have come to the important realisation that consumers have not been able to enjoy the full potential value of home IoT, and never will, until fundamental ease-of-use and security issues are addressed.

Everything from device identity and naming to safe and secure discovery must become much easier for consumers. Just as important, a more comprehensive, yet lighter-weight form of interoperability is needed to allow new services to help coalesce a homeowner’s IoT devices into a coherent and usable system that offers real convenience, security, and privacy.

This year we are certain to see a real “connected home over IoT” approach. This reflects the important work advanced by the Project Connected Home over IP, an industry working group that aims to develop and promote a shared vision that smart home devices should be secure, reliable, and seamless to use.

Home IoT devices bring both vulnerabilities and frustration into the home. However, there is an opportunity to make them work with a new class of integrated services that merge both physical security and cybersecurity capabilities that are simple for consumers to use and understand.

Intelligent services, not just intelligent assistants, can also help ensure that when a new device is added to a system, it serves as a defensive sentinel, rather than an attack point for intruders. Technologies will help, but so will standards for device and application security self-defense.

So far, the home IoT industry has largely avoided debilitating cyberattacks, however as smart home technology comes into the mainstream, this could be the year that such attacks become real. It is crucial that the industry as a whole realizes that the clear and present danger of vulnerable home IoT networks is the real security issue, and take appropriate action to reduce this threat.

Many home IoT devices are sorely lacking when it comes to protecting users, something that cyber intruders have also noticed. A Honeypot survey revealed that cybersecurity company F-Secure saw a 12-fold increase in attacks by way of protocols used by IoT devices and Windows. Much of the attack traffic came from the Mirai malware that was first noticed back in 2016. While certainly troublesome, so far Mirai has served mainly to collect compromised home IoT devices into botnets for DDoS attacks on servers and has generally left device owners alone.

History doesn’t portend an optimistic state of affairs to continue. The first internet worm, called the Morris Worm, was introduced more than 30 years ago. It wasn’t until 7 to 10 years later that truly destructive virus attacks appeared in the wild, spawning today’s cybersecurity industry. It’s only a matter of time before cyber intruders find valuable targets in the smart home using malware that will open the floodgates to a new set of vulnerabilities.

With the sorry state of home IoT security, home owners usually rely on network security, often provided through their ISP. One important point that is often lost is that IoT devices are actually operating in an environment comprised of a network of networks. For example, many home IoT devices shipping today support both WiFi and Bluetooth. Network security measures may address the WiFi network but not the Bluetooth network. Enterprising cyber intruders could potentially use the Bluetooth network to compromise IoT devices in the home, or mobile devices could be compromised and introduced into a home network.

These devices are often ‘hyperconnected’ in that they can communicate with any number of servers participating in cloud service ecosystems for which the device is a member. Each of these represent yet another potential path for bad actors to attack home IoT devices. Not only is network security insufficient to protect many potential paths of attack, but once a compromised device is introduced it can easily become a vector for infecting other devices on the same network. The entire smart home network must then be considered compromised, a proverbial ticking time bomb for the homeowner.

The limitations of network security places the onus on developers of home IoT devices to adopt a security strategy based on a zero-trust principle. In a zero-trust security posture, a device cannot rely on other devices in its environment for security. Every single device must be resistant to security attacks as they are potential entry points to more valuable and sophisticated targets. In fact, the FBI has issued a warning on “drive-by” hacking, whereby attackers use unsecured devices to get to the router and gain access to everything on the home network.

An overall systems approach to security will take the entire home network into account, from lightbulbs and speakers to phones and laptops. While strong security can be employed in simple devices, the practice needs to become more commonplace and supported by cloud-based services. But even if all home IoT devices were to start shipping with appropriate security tomorrow, there will still be a myriad of “orphaned” devices already installed with indeterminate chances of being updated.

The solutions to address home IoT security vulnerabilities are becoming more difficult as time goes by which only emphasises the need to address them now.

The author is David P. Maher, executive VP and chief technology officer of Intertrust’s

About the author

David P. Maher is Intertrust’s executive VP and chief technology officer. With more than 30 years of experience in secure computing, he holds dozens of patents and has published papers in the fields of mathematics and computer science. A consultant for the National Science Foundation, National Security Agency, National Institute of Standards and Technology, and the Congressional Office of Technology Assessment, Maher holds a Ph.D. in Mathematics from Lehigh University.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

Silicon Labs brings AI and Machine Learning to the edge with matter-ready platform

Posted on: January 24, 2022

AUSTIN, TX. 24 January 2022 – Silicon Labs, a specialist in secure, intelligent wireless technology for a more connected world, announced the BG24 and MG24 families of 2.4 GHz wireless SoCs for Bluetooth and Multiple-protocol operations, respectively, and a new software toolkit. This new co-optimised hardware and software platform will help bring AI/ML applications and

Read more

The chaos of legacy equipment

Posted on: January 24, 2022

Legacy equipment is vital to the functioning of many manufacturing facilities. Nevertheless, with rapid advancement in automated and connected technologies, managing both new and old equipment simultaneously can be a challenging balancing act. Here Johan Jonzon, CMO and co-founder specialist in edge analytics for the industrial Internet of Things (IIoT), Crosser, shares insight into how

Read more