As computer-integrated devices start to fill our homes, a threat looms in the shadows. Smart TVs, webcams, thermostats, door locks, home alarms, and lights mean that your home can no longer be protected by physical doors and locks alone. Most people don’t realise the threat is even there, but in 2016 the smart home will make cybersecurity a household concern – and it’s about time.
Many of the companies that make these connected devices use off-the-shelf components and cloud services which they do not have control over. Questions over the supply chain and a lack of awareness mean that many of these objects have serious inbuilt security flaws. Devices lack basic protections, like encryption or adequate password systems. Even if the device does have security software, how do you patch these things in the wild? These objects are everywhere and moving, so it might be years before a security hole can be fixed.
The issue is becoming increasingly serious as most of these devices are collecting personal information about us that could be extremely valuable to a hacker (or government agency). Not only this but they also provide a backdoor into your home. Baby monitors have been used to swear at parents, scream at babies and spy on people. So far these revelations have not had the same impact as the car hacking events of last summer, when hackers remotely took control of a car while someone was driving it. It is difficult to convince people to act until something bad happens. As the smart home becomes a greater part of our lives, 2016 will be the year something bad does happen.
It isn’t all bad news though. An IoT security industry is growing out of these concerns and new technology like lightweight cryptography is making things easier. Companies like Dojo-Labs and F-Secure SENSE are making use of advances in machine-learning algorithms to provide an overarching connected home security system. This technology works a little like the body’s immune system, learning what normal activity on the network looks like and then reacting when it sees something unusual. It is the same approach that the security firm Darktrace has successfully employed, and will be a much bigger part of online protection in 2016 and beyond. Dojo-Labs has even created a glowing stone which acts as a physical embodiment of your smart home protection, helping to make digital security feel less abstract.
Even with this overarching protection, the basics will always be needed. Relying simply on the Dojo-Labs or F-Secure technology is a bit like relying on only your immune system to protect you. The reason why our bodies are so successful at avoiding infection is because they use a multilevel approach – physical defences like skin all the way down to cellular protections. Firewalls, passwords and encryption are all important for connected object security.
Closer relationships between the cybersecurity research community and IoT companies will be an important step in overcoming these challenges. A few companies like Philips have reacted positively to research by HPE and Rapid7 but others are suspicious, or worse do not seem to care about the impact at all. This year those concerns will have to be taken seriously as the implications become clearer and customer pressure finally builds.
At Nesta we talk a lot about the opportunities connected devices, smart homes and smart cities could bring but security failures could still undermine their potential. 2016 is going to be an important year for getting IoT security right.