Smart home industry must tackle security issue if it is to grow

The smart home market is being held back by concerns over security and privacy, a new report published today (6 February 2017) by Beecham Research argues. To combat this, smart home systems must be secure by design across products and services and the entire supply chain, if the industry is to deliver on its promises and meet ambitious market growth predictions.

In its report, Bringing Security in the Smart Home: Approaches and Opportunities, Beecham Research says that while connected appliances such as entertainment, lighting, home security and heating systems are already finding their way into typical households, there is a very real concern about security and privacy, which is holding back wider adoption.

“Smart homes by their nature introduce connections between multiple systems at multiple touch points and create an intersection between many other systems, including vehicles, energy grids, media streaming and the cloud,” pointed out Saverio Romeo, principal analyst at Beecham Research.

“An exploitable vulnerability in the home could lead to more serious breaches in any of the systems it touches, which complicates the security landscape. Whereas traditional network security focuses on fortifying, protecting and monitoring small numbers of routes to the network, an IoT (Internet of Things) environment has too many routes to effectively and economically secure in the same way. So, while many smart home devices are designed to be secure, the connections between them are often not protected.”

The Beecham Research report defines three main areas of risk: end user expertise; new business models; and pervasive and persistent insecurity. Many users of smart home technology are not experts and may compromise security through using default passwords, for example, allowing attackers to gain access to home networks and connected devices including PCs and laptops.

The problem is compounded by traditional consumer and household product companies rushing to develop connected products and services without adequate security knowledge or expertise – graphically highlighted by the hack of Mattel’s Hello Barbie doll.

And with the long lifecycles of home products such as washing machines, attackers have plenty of time to reverse engineer security systems and protocols with the help of manuals and documentation available online.

Beecham Research believes that these fundamental issues need to be addressed to deliver trust in smart homes, building on existing guidelines covering technology and policy along with services and customer support.

Concerted efforts by the likes of the Open Connectivity Foundation (formed from a merger of the Open Interconnect Consortium and the Allseen Alliance in October 2016), the IoT Security Foundation and OWASP (Open Web Application Security Project) are a positive move, but require more attention.

The authors also point to a greater emphasis on security from home automation focused organisations including the likes of Z-Wave Alliance, the Home Gateway Initiative and the Thread Group.

“The smart home security market is behind the curve compared to the smart home products and services market,” said Saverio Romeo. “Most security is focused on devices and not very systematically, without strongly addressing connectivity and as-as-service models.

“This is in part due to the complexity of creating smart home systems and in part down to the level of risk that managed security service providers are happy to take on. But it is clear that the smart homes industry needs to be more proactive and take the lead rather than waiting to see where the next major threat comes from.”

The Beecham Research report is available at www.beechamresearch.com. The new focused report is an extension of a wider look at the Smart Homes market published at the end of last year entitled, Smart Home Market – Current Status, Consumption Trends and Future Directions.

Desire Athow
Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.