IoT Security: Smart homes are vulnerable
Remote-controlled light switches, automated thermostats, “talking” audio and video players, networked cars or interactive toys for our children: In the Internet of Things, many devices in Smart Homes can be connected to a network and thus considerably increase comfort in everyday life. But in many cases this convenience is at the expense of IoT Security.
The European IT Security provider ESET was interested in how exactly this security and privacy in the constantly growing number of networked households (Smart Homes) is. To this end, ESET under the direction of the renowned expert Tony Anscombe conducted a practical test of a selection of IoT devices for Smart Homes. The result: some of the devices have significant security deficiencies – and some of them also collect large amounts of data without permission, as the published whitepaper shows.
The experts tested a total of eleven products from seven suppliers. Among them Amazon, D-Link, Sonos and Nokia. None of the test subjects were fully convincing. There were problems with data protection for each of the tested devices. While most devices and services need to collect basic personal information and the type and extent of use in order to perform their tasks, testers see signs that more information may be collected than is stated in the privacy policy.
Anscombe’s team classifies language assistants as the most problematic. It is to be feared that the information collected will be disseminated and used commercially. In addition, the protection of stored personal data is at best inadequate. This makes it easier for cybercriminals or data thieves to intercept digital traffic and misuse the information for their own purposes.
Smart homes are not defenceless
No device/software is safe or immune from potential vulnerabilities. However, there are significant differences in how companies react to this problem when it is discovered. Some of the devices tested had security holes that were quickly plugged with new software and firmware. However, if such risks are not eliminated immediately or the manufacturer does not react at all, then interested users should rather choose a different, equivalent device, the experts advise. Smart homes can be operated securely and safely even today with a sense of proportion and caution.
Tips for safe Smart Homes
Consumers should not put their trust in the safety promise of the devices used. With these tips, users protect their smart homes against espionage, data theft and other attacks and increase their IoT Security.
- Always up-to-date firmware
The firmware of the device should be updated automatically by the manufacturer. At the very least, however, you should be regularly informed about updates via an application or e-mail in order to be able to install them promptly. - Take data protection seriously
Read the privacy policy. When you understand what data is collected, stored, or shared, you can decide whether to keep the device part of the overall network or keep it isolated. And if neither of them is considered safe, it is said: Get your hands off this device! - Limit the flood of information
Caution is advised when exchanging data on social networks or with a provider’s systems. For many cybercriminals, this sharing of location, device and usage patterns is sufficient to obtain enough data for fraud or attack. - Don’t reveal everything
Digital speech assistants are undoubtedly practical. However, users should carefully consider how much they tell their assistant or ask him/her to collect on their behalf. Even though voice control is convenient, there is no complete assurance that your voice information will not fall into the wrong hands. - Build a barrier
If possible, you should also protect the devices in the smart home effectively against attacks.
Not completely altruistically – but justifiably – the testers point out that such a protection is offered for example by the ESET Smart Security TV App. It protects Smart TVs and other devices with the Android TV operating system against Android malware, ransomware or data theft.
Read how to deal with IoT Security as a manufacturer!