In another similar venture that involved attacking an experimental setup of Samsung SmartThings home automation platform with a lock-pick malware app, cyber security researchers at University of Michigan, USA, were able to get the pass-code to open a home’s front door.
A few other experimental attacks levelled against the system also succeeded. The results led a professor to comment in a media report that home automation is okay as a hobby but not yet ready for regular use, considering the poor state of security of a popular system that has been in use for several years.
Experts also feel that smart TVs are a sure-shot route for hackers to reach your personal computers and trace out sensitive information like passwords. In a recent media interview, Pam Dixon, executive director of World Privacy Forum, commented, “As more people get these smartsets, we will see a lot more hacking of TVs to get into the home computer network. It is not a backdoor or a sidedoor, it is a front door to your home network. It is a toboggan run directly to your computer.”
In a shocking demonstration, Candid Wueest, a threat researcher with digital security firm Symantec, successfully infected his Android based smart TV with ransomware, a piece of malicious software that locks a computing device until a user pays a ransom to the hacker.
Attempting to overcome such security threats, Samsung has included a security suite called GAIA in the Tizen based OS used in its newer TVs. This apparently creates a secure space to safeguard personal information such as credit card numbers and passwords. According to Samsung, GAIA also has built-in anti-malware to detect and block any unauthorised programs that may be used to hack key parts of the set’s OS, and it encrypts important data transmitted between the set and other servers.
“There is an overflow of data. Technology has advanced to an extent that this data can be accessed/ extracted and used by anyone else, in any part of the world. As data increases, it is necessary that chips become more secure and resistant to a possibility of hacking. Chip vendors like us, have a vital role in embedded device security. We have to build processors with built-in code verification capability, physical tampering detection and encryption engines. A major security hazard is that many devices, once deployed, cannot be upgraded to add security fixes. At NXP, we constantly provide manufacturer upgrades to ensure safety of our chips and end consumers,” says Gupta.
Dojo Labs, a startup aimed at ensuring the security of things, has developed a product called Dojo, which protects your connected products from hacking. Connected to your router, Dojo keeps filtering all traffic that flows in and out of your many devices through the router. It attempts to understand patterns in the way your devices are used and the kind of data that normally flows.
When there is any anomaly in the pattern, the user is immediately alerted. When it is a small or potential threat, Dojo begins by alerting the user. But, when it detects a real serious hack, it might even go ahead and disconnect the device as a precaution, till the user attends to it.
Cujo is a similar device that plugs into your router and acts as a firewall for your connected devices’ data traffic.
Standardisation would ensure stability and scalability
The connected home scene is getting better, with smart, simple and secure as part of the equation. The one other S needed to complete the picture is standardisation. “There is no current state of standardisation in the country for connected homes. However, with the current government’s focus on smartcities and the need for a uniform code for the same, we are quite certain this will soon be extended to the smarthome space.
“Europe has been working to create a standard language for smart appliances. Hopefully, India will follow the same path sooner or later. There was also news towards the end of last year that the Internet of Things (IoT) is going to have some standardisation, too. All this is going to get the government to ensure uniform measures across the connected home space,” says Gupta.
Garg too feels that, “There is limited standardisation in the industry right now. The user, functionality, players, hardware and software, all these are evolving rapidly. This essentially implies that standardisation is possible only at a high abstract level. Going forward, whatever solves the most pertinent use cases will start becoming the standard around which others will evolve. For example, in communication, we think ZigBee will become prevalent.”
With more standardisation, we will find more people willing to take the plunge into home automation because it will guarantee longer lives for their products and greater interoperability—in short, a more stable future for the emerging technology.
“When smartcities become a reality, people will realise how convenient it is and will make the shift in their personal space, too,” concludes Gupta.
Janani Gopalakrishnan Vikram is a technically-qualified freelance writer, editor and hands-on mom based in Chennai