Is The Smart Home Really That Secure?

Placing our domestic security into the “hands” of our devices is risky.
It’s a trend that’s been gaining traction for some time now, and all signs point to the future as being the era of the “smart home”. In this idyllic vision, consumers won’t have to remember to turn off the heater or when it’s rubbish day—rather, their home will do it for them. Much like our smartphones and laptops help us organize our business and social lives, built-in computers in our homes will manage our domestic lives.
While this may sound too good to be true to the average homeowner, there are already numerous companies that are making this fantasy a reality. Companies like Nest and Wink already have smart home-enabling devices out on the market, many of which are controllable from an owner’s smartphone while they’re not at home.
However, as this trend towards smart and connected continues, along with it comes serious privacy concerns and security precautions that even the most enthusiastic smart home dweller must pay serious attention to. First of all, the amount of data that is collected by these smart home systems is immense and, taken in aggregate, more revealing than consumers may think. Many consumers actually have no idea how much information about them is being collected by these devices that are intended to make their lives easier. And while device manufacturers are obliged to allow customers to opt out of their information being shared with other third parties, the transparency mechanisms to ensure this happens in practice don’t always stand up to scrutiny.
An unfortunate example of this arose recently when Nest’s web-connected smart thermostat, which adapts to customer’s heating patterns and adjusts itself automatically, reportedly leaked user data. Though the leaks were not intentional, it was revealed by researchers at Princeton University who published a report on the Freedom to Tinker website that the data was being transmitted unencrypted. This means that in a worst case scenario the data would have been vulnerable to hackers who were looking to intercept private information and use it for nefarious purposes. According to the report, “the Nest thermostat was revealing location information of the home and weather station, including the user’s zip code, in the clear.”
There is a big psychological discomfort associated with this kind of error, as everyone wants to feel safe in their own home. If a device malfunction threatens that, it’s truly bad news for a company like Nest. However, in their defense Nest said that the authors of the report had overstated the severity of the leak and that exact zip codes had not been revealed. “The authors initially made an incorrect assumption that the response to the weather update request contains exact location of the customer’s home,” according to Nest spokesperson.
Regardless of what actually occurred, it’s still not good news for the smart home sector. But regulators are increasingly catching on to the potential danger of unmitigated data retention. For example, the US’s Federal Trade Commission recently instructed best practice recommendations on how companies should notify their customers when it comes to data retention.
Many people underestimate the inter-connectedness of all the devices and platforms they’re already using, and this issue intensifies when it comes to smart homes. This was demonstrated in another investigation by  Charles Givre, a data scientist at Booz Allen Hamilton, who showed that even if one device is relatively secure, interconnectivity means hackers can “leap frog” to a less secure platform, device or account using common nodes of data.
In a report on investigative journalism outlet ProPublica, Givre was quoted as saying,” If you were to start aggregating this over time, you could get a frighteningly accurate picture of pretty much where I am at any given time of day.”
While smartphones undoubtedly are an exciting technology with a lot of future potential, the reality is that companies have a lot of work to do when it comes to making sure their networks are secure and that consumers are aware of the risks involved with handing over their data on a rolling, constant basis.
For more updates on how the internet of things is set to change our lives keep up with the VPS.NET Blog.