Smart homes are revolutionizing how we go about our daily lives, thanks to its network of different devices connected to the Internet of Things (IoT). No matter how different these IoT devices are, or what their set of functions are, they work together to simplify the lives of the users and streamline domestic tasks. The need for safer, easier, and more convenient ways to stay connected with the world during work from home has spurred the demand for voice-command operated home devices to new heights. Whether it’s a smart coffee maker that starts brewing after the morning alarm goes off, or a smart lock that automatically locks the door as users leave the house, IoT devices can enhance convenience and comfort. Although IoT devices in a smart home can create an environment ideal for smart living, they also introduce new digital vulnerabilities and security issues that must be addressed.
Cyberattacks Front and Center
Recently, Colonial Pipeline Co., the largest pipeline system for refined oil products in the United States, suffered a ransomware cyberattack. A Russian hacking collective locked up some of Colonial Pipeline’s computer systems and forced the company to shut down its entire pipeline, causing fuel shortages for large parts of the East Coast.
Perhaps the most surprising part of the attack was how easily it happened. By compromising a single password for a virtual private network (VPN) account, the hackers were able to access the company’s computer network. Although the account was no longer in use when the attack occurred, it was still able to access Colonial’s network.
The problem was the VPN account was left unprotected by basic cybersecurity tools, such as multifactor authentication. This meant the hackers only needed to obtain a correct username and password to nearly bring the company down to its knees. Ransomware attacks like these have become more frequent, with American businesses such as meat packing plants and hospitals being recent targets. Large cases, like Colonial Pipeline, have earned the most news coverage but most of the attacks target smaller users, such as local businesses and individual users. The explanation is simple: Targeting humans is easier, than targeting systems.
Designing Safer Smart Homes
While smart homes are a much different target than utility companies, they are still at risk of a similar type of cyberattacks and ransomware threats. For example, home monitoring systems can store confidential information such as personal medical data. If a security breach occurs, hackers can gain access to your private information. Other data that may seem harmless, such as HVAC operation parameters, or internal home temperature, can be used by burglars to determine break-in opportunities. In addition to robust security design, the users need to be educated about potential threats and trained to take care of their individual security, just like they are trained to take care of taxes.
Many older industries already have well established global safety standards, but emerging technologies such as IoT, might have to set the standards along the way. The lack of standards, however, is not an excuse to ignore cyber security in design. For better or worse, cyberattacks are a part of our new reality, and therefore we must not only design resilient systems, but always have a backup plan. Two factor authentication solutions, IoT firewalls, regular updates, and effective access management should be part of the product planning process.
Common risk factors for smart homes include human errors, such as careless password and key management, along with allowing unauthorized devices to connect to the network. Unauthorized connections can cause major problems even if they do not gain control access. Network bandwidth can be stolen, and legitimate users can be denied service. With that said, many smart home devices are battery powered and wirelessly networked, making them susceptible to flooding network requests (DDoS attacks) that quickly deplete available energy. Understanding the threats, and placing higher priority on security already at the design phase, is a necessary part of the future of IoT.
The Need for More Secure IoT Devices
Due to the growth of IoT, manufacturers are under pressure to release as many products as possible on the market. As a result, the urgency to create new IoT devices pushed an influx of devices with overlooked IoT security vulnerabilities. When new products replace older models, manufacturers might not provide the necessary effort to support them with security patches. Manufacturers and software designers paying special attention to security can truly differentiate themselves from this crowded marketplace. In fact, security by design approach can offer competitive advantage.
With that said, hackers are persistent in their efforts, and new threats are constantly emerging. A three-year-old home security system, or even a six-month-old security camera, can have potential exploits. Even inexperienced hackers can take advantage of easily accessed vulnerabilities to get into your home network. Cases of hackers gaining control over webcams, baby monitors, and cameras on laptops are becoming more widespread. In a smart home, each additional IoT device is another attack opportunity that hackers can target for your data. These are real security threats that we inherited as part of the internet revolution, and they are not going away anytime soon. Therefore, as we innovate with IoT, we should also equally invest in innovation on the cyber security frontier.
We can conclude that in addition to functionality and ease of use, cyber security by design and superior service are key elements of a successful IoT product. Cyber security is indeed a challenge, but it is our responsibility as users, product developers, service providers, and manufacturers to push developments in cyber security, as we push forward with new endpoint innovations. Security by design is a challenge that we cannot walk away from.
How Ambiq Contributes
Ambiq’s ultra-low power multi-protocol Bluetooth Low Energy wireless microcontrollers are at the heart of millions of endpoint devices that are the building blocks of a smart home and the IoT world.
Ambiq’s leading ultra-low power SoCs can support key technologies required by connected homes and smart buildings such as Bluetooth Low Energy. Future generations will include additional multi-protocol communications such as Bluetooth® Mesh, ANT+, RF4CE, and Zigbee®.
Built on our patented Subthreshold Power Optimized Technology (SPOT®) platform, Ambiq’s products reduce the total system power consumption on the order of nanoamps for all battery-powered endpoint devices.
Simply put, our solutions enable endpoint intelligence everywhere.