Most of my life has been centered around architecture and design. Both my grandfather and great grandfather were architects and during my childhood I spent a lot of time in and around their buildings.
For me there is something to admire about architecture that goes beyond just the building itself. It wasn’t about being inspired by midcentury modern classics. It was the idea that architects are true masters of their trade with the ability to take ideas about aesthetics and technical requirements from a client and turn them into a finished structure complete with documentation, specifications and references.
Naturally, I wanted to follow in their footsteps but I always wanted to add my own twist to modern interior architecture and selected to focus on Interior Design. In college I specialized in 2D and 3D Computer Aided Drafting, mainly AutoCAD and 3Ds Max. After graduating from college I began the long road to certification and secured a job as an assistant project manager for a firm in Los Angeles.
Ultimately this is where my path into information security began. As I was preparing for a career in Architecture and Design I started to slowly specialize in information assurance as I began studying the risks around processing, storing, and sending construction documents associated with secure locations. One of the major problems I encountered early in my career was how to securely distribute sections of a construction document to sub-contractors for bidding without disclosing sensitive information about the building or project.
10 years later I find myself as the Head of Security Research for Radware’s Emergency Response Team (ERT), where my daily tasks include focusing on risk analysis for network and application-based vulnerabilities. It’s a long way from the original objective but as my career progresses I find myself approaching a crossroads of the two disciplines.
My research into network and application security mainly focuses on malware that infects IoT devices for the purpose of launching denial-of-service attacks, mining cryptocurrency, click fraud and data theft. From my position today, I look at the architecture and design industry with concern as new risks have developed from the dream of building the home of tomorrow.
What is a Smart Home?
Today, the term “smart home” defines a house that includes connected devices (IoT), cloud computing, AI or smart system controls as part of its design to help drive efficiency and life improvements for the owners.
Smart homes are society’s attempts at creating an intelligent ecosystem for residents to live in, but they are not to be confused with the automated homes of the past. Automated homes have actually existed for decades. The only major change in home automation came in the last few years as internet-connected devices became incorporated into home automation.
Looking back at concepts and designs around General Electric’s “Kitchen of Tomorrow” in 1950, there is one key feature missing: the internet. In fact, the internet wouldn’t take its recognizable form for another four decades.
Many smart automated homes today include internet-connected devices in almost every corner of the house, including some of the more personal spaces such as the bedroom and bathroom. These devices include everything from switches and locks to lights, intelligent personal assistants and other applications controlled by sensors and user-defined actions. Smart automated homes also offer residents the ability to not only control their environment locally but also allows users to remotely access these devices while they are off the property.
Growth in IoT Devices
The growth of IoT devices and digital technologies is rapidly evolving, and along with this evolution we have seen a growth in products and systems designed to improve the way we live our lives. The growth of IoT is rapidly transforming every aspect of how society not only works, but lives.
Recent statistics show that In 2017, 19 million U.S. households owned some form of connected light system, door locks or motion sensors. Experts have even predicted that the growth of IoT devices will surpass anything we have ever seen before both in terms of market size and the quantity of devices incorporated into home design.
Should these devices and their supporting ecosystems fail, the consequences could vary from a simple annoyance like an outage to something significantly worse, like a security breach targeting personally identifiable information (PII) or residential habits.
In the next two blogs I’ll cover what new design concepts are needed to address these emerging technologies related to smart homes and what risks are presented for the architects, designer and owner of a connected home. We’ll cover the network protocols found inside today’s smart homes as well as the categories of products offered, how these devices are controlled, and the risk posed to these devices.
Finally, I will cover why people are choosing to incorporate smart, automated devices into their homes as well as the risks We’ll discuss three core issues around smart automated houses and what architects, designers and consumers can do to secure and protect the homes of tomorrow. Stay tuned!
Download “When the Bots Come Marching In, a Closer Look at Evolving Threats from Botnets, Web Scraping & IoT Zombies” to learn more.
Daniel Smith is an information security researcher for Radware’s Emergency Response Team. He focuses on security research and risk analysis for network and application based vulnerabilities. Daniel’s research focuses in on Denial-of-Service attacks and includes analysis of malware and botnets. As a white-hat hacker, his expertise in tools and techniques helps Radware develop signatures and mitigation attacks proactively for its customers.