main

Attack Types & VectorsSecurity

Is My Smart Home Telling People What I Do Every Day?

February 13, 2018 — by Mike O'Malley4

2017 will forever be known as the year that the smart home started to take off.  Researchers estimate that Amazon has sold over 15 million Echo devices  to date. Plus, Google has sold another 5 million Google Homes.  The overall smart home market is expected to grow to over $50 billion by 2022.  Already 1 in 4 U.S. households has some kind of smart device in their home.  With all the smart thermostats, smart fridges, smart light bulbs, smart doors and windows, personal assistants, and smart home surveillance, internet-connected home devices are rapidly stacking up in U.S. households. These devices are adding convenience and efficiency, but are they safe?

In this realm it seems that the technology has gone quickly beyond our ability to secure it.  At this year’s DefCon, a security-focused industry event, 16 Bluetooth-based smart door locks were tested and 75% were easily hacked in real time during a presentation at the event. Fast forward to the near future where many devices within the home are connected and two very real problems arise.  1) Criminals taking over smart home technology to break in to my house and 2) Criminals using smart home technology to profile my daily behaviors and routines for future nefarious use.

[You might also like: Create Trusted IoT, become the King of Sweden?]

Enter the service provider, where 75% of connected home services are sold and managed.  U.S. service providers have stepped into this burgeoning market and begun to re-tool their sales forces and technological capabilities to help consumers set up these complex systems. The U.S. leads this market in smart home penetration, followed by Japan, Germany, China and U.K. Service providers understand that scaling and automating these home networks is key to providing the true value that they represent to consumers. Instead of integrated vendor islands of thermostats, locks and home surveillance cameras, service providers have the capabilities and the capital to create a more complete and seamless experience for the consumer where all devices can work together and are accessed through the same consumer portal for a “single pane of glass” experience.

But how to secure it?  Service providers need to make the additional investments to protect the control plane of these devices to prevent bad actors from controlling locks and windows. Just as service providers have seen in their core businesses, failure to do so can result in application attacks which at best reduce the performance of the network and at worst can result in outages and debilitated service for the consumers.  Add that to that the fact that criminals have a new data source to mine for daily patterns of the consumer that service providers need to protect.  Without additional protection on the application data itself, criminals could gather valuable information about your daily habits in the home. What time do you get up in the morning? When do you leave for work?  When do you get home?  What time do the kids watch TV after school? When are you typically in the shower?  What time do you eat?  When do you typically go to bed? You get the idea.  Service providers are well positioned to protect the consumer and offer the value of smart home services without the risks.  U.S. service providers need to act first to capitalize on this opportunity, but the service providers in developed Europe and Asia need to be right behind and prepare for the consumers in their markets. Radware has tools available, like an online calculator, to demonstrate the ROI for service providers to become managed security service providers.  It’s time to prepare before bad actors know when I shower every day.

Read “Cyber Economics: Validating DDoS Managed Service Delivery Models” to learn more.

Download Now

Mike O'Malley

Mike O’Malley brings 20 years of experience in strategy, product and business development, marketing, M&A and executive management to Radware. Currently, Mr. O’Malley is the Vice President of Carrier Strategy and Business Development for Radware. In this role, he is responsible for leading strategic initiatives for wireless, wireline and cloud service providers. Mr. O’Malley has extensive experience developing innovative products and strategies in technology businesses including security, cloud and wireless. Prior to Radware, Mr. O’Malley held various executive management positions leading growing business units at Tellabs, VASCO and Ericsson. Mr. O’Malley holds a Master of Business Administration degree, a Master of Science in electrical engineering, and a Bachelor of Science in electrical engineering from the University of Illinois. He also is a graduate of the Executive Strategy Programs at the University of Chicago.

4 comments

  • Gail

    June 20, 2018 at 11:24 am

    So what the heck is the best and foremost thing a person should do to protect their privacy and stop intruders?

    Reply

    • Rags

      June 21, 2018 at 9:17 pm

      Sounds to me like Mr O’Malley wants you to contact Radware about this. At least he’s up front about it.

      Reply

    • Ángel

      June 27, 2018 at 8:12 pm

      Just wait a few years until the government cleans this mess up.

      Reply

    • Mark Powell

      June 27, 2018 at 11:34 pm

      Stop using cell phones, tablets, and computers… that is until all the security issues have been worked out over time. Go back to using a wired landline phone. Other than that there’s really no way to stop people from watching what you’re doing while you’re on the internet on your phone or tablet. There are steps that you can take to make sure your devices are as secure as possible however for all those steps there’s nearly always some way to circumvent that step so that you can be spied on.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *