Running our home by talking to, or clicking on an app has transformed the way we live — letting us feed the dog from the office and even check if we're out of milk while shopping at the store. But those same doors that let us connect, can let in malware and hackers, things we'd prefer to keep out — a thought that's far less fun, and far more complicated, than just asking Alexa to start the vacuum. That why some industry experts believe it's the main gate — the internet connection itself — that needs to be protected.
"The number of devices that will be in consumers in home will dwarf smartphones, and there will be billions of them not millions," said Scott Ford, CEO of Pepper IoT, a platform for IoT security that can be installed on devices, and also adopted by broadband providers. "But there is no off switch for IoT device. Once they're connected to your home's Wi-Fi there's no stopping that."
A robot vacuum gets its orders through an app that speaks to it over an internet connectioniStock
Your PC vs your smart plug
The Internet of Things (IoT), a system that runs our lights, the air conditioner, and even the refrigerator through a wireless connection, links our homes together in ways that weren't possible just five years ago, expected to bring 60 million U.S. households smart control and connectivity by 2023, according to Statista.
Most people know they need some security for their computers and smartphones that connected online. They've been trained to update operating systems, download patches when manufacturers push them out, and even install anti-virus software to make sure that rogue programs don't get downloaded and hack their machines.
Smart devices operate, in some cases, the same. Brands push out updates to their systems, and when a product is connected online, these are installed. Some smart devices, however, don't do this: there's no update, there's no patch, and some platforms don't even have basic security in place.
Patches and OS updates that come regularly to PCs and smartphones, aren't always available for smart home devices.iStock
Take for example the Mirai virus which in 2016, spread across hundreds of thousands of connected devices including security cameras and even your old DVR. The malware, designed to do harm to a product, turned these items into a zombie network: they had to do what the program told them to do. Mirai was a big hack, designed to attack as many products as possible without targeted anyone specifically.
"We know wide spread attacks, phishing, the Mirai attacks, are when an attacker wants to get revenue or access," said Sivan Rauscher, CEO and co-founder of SAM, a cybersecurity solution designed for broadband providers. "They're attacking massive numbers of people."
Hackers can go after specific products from brands. Take the recent attack on 72,000 Google's devices including its Chromecast and Google Home smart speaker, which asked them to subscribe to the channel of a favorite YouTube celebrity. Harmless in essence, but the vulnerability could be taken up anyone, doing far more damage that making people watch unwanted YouTube videos.
The problem, Ford said, is a lack of oversight today in the smart home space, with products launching that don't always provide security from the network connection to the internet, like your broadband service, to the device and back.
"It's the Wild West," he said. "And there is a pretty big lack of understanding of how IoT works. Most people think about it at the device level. But there's also this massive infrastructure to support these devices, to allow them communicate over the internet and to end user. And it's that area that's super vulnerable."
While people rely on IT departments to help them solve tech problems at work, at home they're left to handle issues themselves.iStock
Just as we're taught to wash our hands to keep colds and flus at bay, so too do most of understand that we need to keep our devices clean — and free of digital viruses.
However, while businesses often have a tech department, somewhere to go when the computer screen at work goes blank, or a company-issued smartphone starts malfunctioning, people have to be their own tech support at home. For most of us, that amounts to turn something on and off, unplugging it from the wall, and maybe shutting down a broadband connection, waiting a few minutes, and relaunching the router. Truthfully, that will often temporarily fix an issue. But once you're back online, if the connection to the internet from a device isn't secure, digital germs can creep right back in the door.
"The biggest mistake is that no one cares about toaster oven, or the [gaming device], but once those are hacked, once the network is damaged, it's game over," said Rauscher, who spent 15 years in cybersecurity, including seven with the Israeli Intelligence Corps. "People know about phishing, and ransomware. They know the affect and outcome, but they don't really understand how it's all connected and I think that's the problem."
To Rauscher, the solution lies in protecting the broadband connection. However, she believes that everyone has some skin in the game — from the consumer understanding what they're bringing in the home, to the manufacturer that has a responsibility to invest into the security of the devices they deliver.
With so many devices linking through a single access point, securing that connection is crucial say expertsiStock
"We're locking down everything, and trying to help the consumer," she said. "Our solution is doing it for you, from the network to the device, end to end."
Pepper IoT's Ford believes regulatory oversight is also crucial to creating more security in the IoT space. Regular users of smart devices, no matter how diligent, are unlikely to be able to keep the maintenance up of every product that connects online that they use, especially as these numbers grow.
Consumers should be aware, and take the steps they can, but the industry too needs to take some steps to make sure that tomorrow's smart home isn't just fun — but safe too.
That's where the regularly environment will come in, requiring distributors to do more due diligence on these devices," he said. "The consumer will never know everything in the way we want them to know. "We have to focus on who is sourcing and distributing these devices, rather than someone who is about to plug something that is potentially damaging them in the future."