Securing our smart homes
By Patrick Carrier, Business Development, Connected Secure Systems, Infineon
Our homes are becoming smarter as both individual appliances and larger domestic infrastructure gain connectivity and processing power. These systems are being connected to each other and to the internet, as well as being integrated with voice interfaces such as Amazon’s Alexa, Apple’s Siri, and Hey Google, to create sophisticated home-automation schemes. Who would have thought, ten years ago, that it would be possible to say “Movie night” and have your home’s doors and windows locked, curtains drawn, lights dimmed, room temperature set and TV turned on? But this is very achievable today.
Smart-home technology promises many other ways to make our home lives easier and more convenient, from programmable lighting schedules to automated garage doors. What is less remarked upon is the work that is needed to enable this convenience while ensuring that smart homes keep residents and their data secure. As we are beginning to realize, more that 15 years after we started carrying smartphones, our online data footprint is incredibly revealing of our lives and actions, desires and failings. Data gathered from within our homes will be even more revealing. If our homes are our sanctuaries, poorly secured smart-home technology threatens, metaphorically at least, to tear down the curtains, fit floor-to-ceiling windows, and build a viewing gallery for curious passers-by.
Given the potential value of data about activities within our homes, there are plenty of incentives to abuse smart-home technology for gain. One of the simplest approaches to doing so is for legitimate smart-home technology to over-gather and over-share information about the way it is used: anyone who has monitored the network connections that a smart TV makes when connected to the Internet will be familiar with this approach to appropriating personal data for commercial gain. Another mass-scale approach is to trawl the Internet for badly secured Internet of Things (IoT) devices, and then co-opt them into botnets that can be used to launch denial-of-service attacks for political or financial gain.
Perhaps the most disturbing type of hack, though, is one that exploits smart-home technology to attack an individual. In December 2020, America’s Federal Bureau of Investigation warned that hackers are now using compromised smart home devices to orchestrate ‘swatting’ attacks. The hackers use stolen credentials to log in to a victim’s livestreaming camera and/or smart speaker. They then call the emergency services to report that a crime is underway at the home. Once the responding police arrive, the hackers watch the action through the camera and interact with the police through the speaker. In some cases, hackers stream the attack online.