Note: This is a guest post written by Norman Hsu, Managing Director for Edimax Technology
According to recent analysis by Machina Research, smart home devices now number 6 billion, and the market continues to expand. Smart homes and their associated devices represent a green field of opportunity, provided the industry can get a few crucial things right.
A key aspect of the smart home is wireless home security—motion sensors switch on lights when they detect you walking through the door, wireless keyhole cameras provide information about visitors and allow you to open your door from anywhere, and smart locks automatically secure your home when your phone drops out of range of your router.
But what about the security of the devices themselves?
A recent study from researchers at the University of Michigan exposed serious security flaws in popular smart home devices that can leave homeowners vulnerable to hacking and other threats.
The study is the first in-depth empirical security analysis of a popular emerging smart home programming platform, Samsung’s SmartThings.
The study identified two key areas of risk. Firstly, that SmartApps are overprivileged; that is, SmartApps can gain access to more operations on devices than their functionality requires.
For example, the ‘auto-lock’ SmartApp only requires the lock command of ‘capability.lock’ but also gets access to the unlock command, thus increasing the attack surface if the SmartApp were to be exploited.
The second major risk identified was in the SmartThings event subsystem, which devices use to communicate asynchronously with SmartApps via events. The subsystem does not sufficiently protect events that carry sensitive information, such as lock codes. Any app with access to a device’s ID can monitor all the events of that device.
Researchers also exploited framework design flaws to construct four proof-of-concept attacks that secretly planted door lock codes, stole existing door lock codes, disabled the vacation mode of the home, and induced a fake fire alarm.
All of these attacks were successful in breaching home security and exposing a household to break-ins, theft, misinformation, and vandalism.
Evolve and improve
In an industry that relies on the interconnectivity of a range of apps and devices, this study is an important canary test—its key findings are broadly applicable.
SmartThings share key security design principles with other frameworks, so lessons learned from this analysis can now inform the design of security-critical components of future programmable smart home frameworks.
While the above might appear to be all doom and gloom in the smart home security space, the beauty of smart design and technology is that we are constantly evolving and improving—each iteration of a product builds on what came before, and we can absorb these lessons into our frameworks.
Smarten up about hacking
This substantial growth means not only do we as developers and manufacturers need to be on top of software security, but consumers also need to adopt smarter behaviours to protect themselves from hacking.
There are a number of ways homeowners can contribute to the security of their smart home.
So here are 5 Quick Tips to Improve your Smart Home Security:
 Implement two-step authentications
Use a one-time code received by a phone call or text to keep unknown parties out of smart devices and the apps used to control them. Many websites and apps offer two-step authentication that users can opt into under “settings”.
 Complete security updates
Most smart home devices don’t update automatically, so once a month users should open the app corresponding to their smart device and check for firmware updates.
 Segregate internet connections
It is important to segregate internet connections to reduce risk of hacking across devices. You can purchase a separate internet connection, or split an existing internet connection using a virtual local area network (VLAN).
 Change default passwords
Internet-connected devices often come with default passwords, and unfortunately as many users forgo changing factory settings, those devices become easily accessible to hackers.
Next steps for smart home security
Developers of smart home security systems need to consider not only the physical security of the house, but also the potential threats to the software.
Edimax Technology has just increased consumer options in the wireless home security space with the launch of three wireless cameras, as featured in the Taiwan Excellence showcase at CeBIT 2017, and the company uses the latest in security defences and ensures it stays on the frontline of current research into smart home security.
To take the smart home security industry to the next level, it is imperative that clear standards are established across the industry, allowing for unification across all smart home technologies so disparate products can communicate seamlessly and—most importantly—securely with each other.