The connected home: golden opportunity or Pandora’s box?
Richard Kirk, AlienVault
Many predict that by 2020 there will be more than 50 billion connected devices in circulation, which equates to about seven connected devices for every person in the world, writes Richard Kirk, the senior vice president at AlienVault. The vast majority of this growth will be consumer devices, many of which will be in our most private space – the home.
But as our homes become more connected, mostly without our consent, what does a connected home really enable? Manufacturers are now routinely adding Wi-Fi connectivity to their home appliances, mostly because the cost of doing so is cheap and having a Wi-Fi chip embedded in a fridge can open all sorts of commercial opportunities. This could mean that your thermostat tells the house alarm system that you have left the house, or perhaps your microwave asks your freezer if there is any pizza left, and if not, orders it. Whatever the case may be, we should all be concerned about how cyber criminals will exploit this next level of massive invisible processing power and internet connectivity in our most personal space.
There are already reports of the Nest smart thermostat turning the heating on at odd times of the day and night, but at least the worst this could lead to is an impromptu home sauna and outrageous energy bill. But taking it a step further, I’m not sure how my insurance company would respond to a claim for a burnt down house as a result of an iron or cooker being turned on remotely by a hacker.
Less than a year ago the smart home market was a very different place, when home automation was more for early adopters and only available in hobbyist and electronic stores. Now it is targeting all types of users, especially those who might struggle to change a plug, never mind configure and manage a collection of automated home devices.
This raises some serious concerns about the security of connected homes, and whether or not the manufacturers are considering cyber security with the same degree of concern that they would with physical security. For example, we all trust that our clothes dryer will not burst into flames, despite the high temperature that the clothes are subjected to. This allows us to leave the dryer on whilst we are away from home, and even program it to come on late at night when electricity is cheaper.
One of the reasons why our everyday appliances can be trusted is because they are subjected to rigorous testing, both by the manufacturer as well as independent testing labs. We trust that the labs follow well established standards such as those developed and implemented by the International Organisation for Standardisation (ISO), European Committee for Standardisation (CEN), ASTM International and Underwriters Laboratories (UL), and their logos are a welcome sight on the products we buy. But is there a similar approach being taken with respect to cyber security and are products destined for the connected home being subjected to thorough cyber security testing?
Unfortunately, on the whole we currently rely on the good judgement of the designers and manufacturers of our technology, and short of government intervention, which might yet be required, we have to hope that such companies have at least hired a chief security officer with the power to review and influence product development.
There are many advantages to the connected world that we are rapidly moving towards, and this is to be welcomed. However, the industry needs to take cyber security seriously and ensure that not only do the products themselves follow well established cyber security principles, but importantly that the connected ecosystems, which will enable the more efficient life that we all crave, do not become some form of Pandora’s box.