Internet-connected home security: What can go wrong?

Internet Connected Home Security Systems: What Can Go Wrong?

“What can go wrong?” is a blog series on the risks associated with using “Internet of Things” smart devices like phones, cars, webcams and voice control devices like Amazon Echo.

Home monitoring and security systems sales are on the rise. “People are becoming more safety conscious,” says Rory Russell, owner, Acquisition and Funding Services (AFS), Kattskill Bay, N.Y. “Business has been good in the industry,” says Michael Flink, president, ADI Global Distribution, Melville, N.Y.  Nearly 6 Million homes had professional monitoring by 2015, according to recent Parks research. Markets and Markets report that the home security market is expected to grow at a rate of over 10% annually through 2022.

The Rise of the Smart Home

According to iControl Networks 2015 State of the Smart Home Report “In just 12 months, we’ve seen a rise in the level of excitement about the smart home with millennials (79%) and parents (76%) leading the pack, and 50% of the overall population excited about the technology. Intent to purchase smart home technology is quickly following suit, with 50% of people saying they plan to buy at least one smart home product in the next year (U.S. intent is slightly higher at 54%).”

They also noted, “It makes sense that home monitoring cameras and connected door locks are among the most popular devices when you consider that a burglary takes place every 14.1 seconds in the U.S. and 56% of break-ins are through the front or back doors.”

Multiple Security Flaws in many IoT devices

According to The Telegraph, HP investigated 25 Internet of Things devices and found 250 “potentially dangerous” security flaws. “The devices came from manufacturers of TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers”.

The article’s author Matthew Sparkes notes that “90% of the devices collected personal information. 70% transmitted that data on an unencrypted network and 60% had insecure user interfaces. Eight out of ten failed to require a strong enough password.”

What can go wrong?

Manufacturers have been rushing products to enter this market. Along with that, the entire industry has failed to adequately consider the security of these devices. Most rely on smart phone or web applications for management, which only further complicates security protection measures. As well as offering a potential point of access to anyone on the Internet.

Sparkes says, “…it was vital that these devices be more secure before the IoT grows to 26 billion devices by 2020. It suggested that companies perform a thorough security review of their products, including the devices themselves, controlling apps and any communications protocols in order to be a ‘good Internet of Things citizen’.”

A false sense of security worse than no security?

iSchool Professor Joon Park noted in his Introduction to Computer Security class that a false sense of security is worse than no security at all. This is because if you know you have no security you are less likely to take risks than if you think you have a working security system. Brett Stephenson, a Senior Financial Advisor at Branston Partners notes: “but Barry and many other less fortunate victims will attest to the fact “ … “there is nothing more empty than a false sense of security”.

What Can You Do About it?

Consider waiting on such purchases until the market matures more, or at least carefully research devices before buying. If you really feel that you want to move forward with an Internet-connected security system, consider hiring a consultant to help with setup and specifically security hardening. Some security flaws can be mitigated, others cannot. In some cases, IoT device flaws are so severe they cannot be mitigated. Unless you are knowledgeable in computer security, chances are you will not know how to tell the difference.

Michael Wangerin

Michael Wangerin

Michael Wangerin has been working in IT for 30 years in engineering and management positions and is currently getting his MS in Information Management from the iSchool. He was the founder of a successful computer consulting firm, operating it for over 16 years and earning the Microsoft Gold Certified Partner designation before selling it in 2010. His experience includes application development, infrastructure, and security. He has earned numerous certifications including Sage Certified Pro Series ERP Consultant, SonicWALL Certified Security Administrator, and multiple Microsoft Certified Professional Certifications.

More Posts