Guest blog from Ralph Goodman.
In a world where all of your devices communicate and can be controlled from one central location, there is a growing concern about security. Interconnectedness can be a great thing. It allows users greater levels of convenience and control over their devices, which is unparalleled to anything we have seen before. There are many benefits, but there is still this one looming threat.
There is an old clique in the security world that pervades the minds of all skeptics. “A chain is only as strong as its weakest link”. Sure it is repeated ad nauseam, but it is repetition with purpose. With everything connected, one failure is all that is needed for the system to be compromised. The Internet of things, or IoT, takes this concern to the nth degree. The chain metaphor was first coined in the medieval times, where the chain in question was found on chain mail. A so-called “weak link” would have catastrophic results on the battlefield.
How does this relate to IoT and smart homes? Well, to borrow another overused sentiment, thanks to the Internet, the world has become a whole lot smaller. The battlefield that your security is being asked to perform on is global. Anyone with an Internet connection and some bad intentions can attack your personal IoT environment. How far they get is up to your layers of security, and the degree to which your home is connected. With the introduction of smart locks, this begins to affect your home security especially.
IoT devices have had a rough time with security over the years. The August smart lock itself was even hacked. When it comes to home security, one of the most important things are the locks on your doors. This oversight was not even a domino effect that led to an opened door. Instead, it cut right to the quick. Could we then look to historically secure locations to learn from their Internet connected locking systems? Well, not if we were to look at prison locks. Hackers recently found flaws in the US prison system’s integrated lock and security network, which would allow a hacker to open up all the prison doors at once.
Then we get to the smartphone. This device is the central hub for IoT technology. In the case of the iOS run smartphones, they could leave many users unable to interact with any of their IoT integrated devices. This type of failure would suspend any control over a smart home, including alerts and access. These attacks are Internet based, which separate them from something like the SimpliSafe exploit that requires being within radio range of the device. IoT exploits can be found and acted on from almost anywhere in the world. Devices do not need to be near one another. Their software just needs to interact. In the case of the Jeep Cherokee hack, the attacker would only require the IP address of the car. Once there is a way in, the system can be exploited as we saw with the Target hack, where credentials from the company’s AC subcontractor was used to steal debit card information.
Smart Home Security
These failings in IoT security transfer quite directly to possible issues with smart homes. Imagine your cameras hacked, so criminals can now see what you are doing in your home. They can even see when you are not around. Once you leave, they can open your door, and maybe even use your car locator to know when you will be back. We know that these types of attacks are possible, and from the history of crime, it is clear that homes, which use protections known with bypasses, will be targeted.
When issues in security arise, there will always be a grace period where security is compromised without available remedies. This issue will also never cease. Just like physical security, cyber security is an ever-changing landscape. There is no system that is unhackable, just like there is no such thing as a truly unpickable lock. These safety measures have simply not been overcome, yet. When it comes to your home, there is so much information that a hack would tell a criminal. This type of vulnerability has never been seen in the private sector before. If these integrated homes start to dominate the market, we may see a change in the sophistication of home burglaries.
The most comforting thing about these shortcomings is that many can be fixed with patches. Downloadable updates to the software can quickly and effortlessly close the backdoor exploits that exist in these products. Very strict security software, and access control measures such as crypto technology, can be used as preventative measures. This responsibility will by all accounts fall on the shoulders of the companies who sell these products, as the general public is not motivated to upgrade their security. So why worry? Because if you rely on others for your protection, you can never know how safe you are. Do research on your own, and begin to take cyber security seriously, because soon it will affect every aspect of your life.
Ralph Goodman is a local locksmith and an expert writer on all things locks and security over at the Lock Blog. The Lock Blog is a great resource to learn about keys, locks and safety. They offer tips, advice and how-to’s for consumers, locksmiths, and security professionals.