Our homes are not the impenetrable fortresses they once were

Our homes are intended to be a sanctuary, offering safety and privacy from the outside world. The massive influx of connected smart-home devices in recent years can make our homes an even more enjoyable oasis, but only if device manufacturers, security leaders and consumers recognize that modern homes are targeted by an unprecedented barrage of privacy and security threats, and respond accordingly.

Although much has been said and written about the Internet of Things (IoT) in recent years, the reality is that IoT security remains in its early days. Today’s homes are loaded with connected devices; by 2022, the global smart home market is anticipated to reach a value of more than US $53 billion, according to smart homes data from Statista. Between smart thermostats, smart kitchen appliances, smart vents, wireless home energy monitors, smart security systems – the list goes on – there is no shortage of innovative devices that can improve our experiences at home and our peace of mind when we are away. However, security practitioners are still trying to catch up with the staggering pace of growth in connected devices, a challenge complicated by minimal standardization and regulation on the IoT landscape.

These dynamics increasingly are cause for concern under our own roofs. With the holiday season in full swing, countless households will soon be adding new connected devices that might be needed, useful, or just plain fun (or perhaps all of those things), but that also come with risks that tend to be swept away faster than a mountain of crumbled giftwrapping paper. Virtually all of us have been guilty of becoming mesmerized by a new gadget to the point where the device’s security become an afterthought, but there are numerous questions that demand serious exploration, including what potential threats exist, how those threats will be mitigated, and with whom will the data generated by the device be shared. Ideally, many of these and other questions would be addressed by device manufacturers prior to the products hitting the market, but in reality, the competitive pressures faced by enterprises too often lead to shortcuts taken during products’ design phase, including skipping IoT audits that can identify needed security fixes in software and hardware, which become much more costly to deal with if detected once the product is close to launch or already in the marketplace. 

Smart devices can pose threats 

The well-publicized Mirai botnet attack provided a wakeup call, but two years later, the smart-home security outlook remains rife with challenges, particularly considering that devices can pose serious threats to our physical security. Smart home devices routinely draw upon information that is sensitive to our security. For example, smart vacuums map areas that can create floor plans, while smart thermostats utilize the patterns of people being away from home and/or use geolocation to control heat when occupants are approaching the house. In a more traditional security sense, smart locks can be hacked and smart alarms can be disabled.

Even in cases where consumers’ security is not in peril, their privacy may well be. In an era when privacy is rightfully commanding more attention from the public and is the subject of ramped-up regulations from lawmakers, smart home cameras and microphones can be enabled for unauthorized surveillance. The thought of baby monitors potentially being compromised to leak video and sound, usually through vulnerable communication protocols, is a chilling prospect, yet one that cannot be discounted. The good news is consumers may be wising up to the risks these devices introduce. In a PwC survey earlier this year, the majority of respondents indicated they understand that smart home devices and other IoT products threaten their personal privacy. The question remains, will they take the next step and adjust their purchasing decisions accordingly?

Despite these many concerns, momentum behind smart homes continues to grow, and understandably so. Beyond smart home devices’ tech-forward cachet, there are numerous practical benefits to connected devices in the home, and the devices increase in sophistication each year. They can enable cost savings from being more energy-efficient, can offer greater convenience and functionality for those dealing with physical disabilities, and can provide an additional layer of security through more advanced monitoring tools. Home owners can even use their smartphones to speak with visitors they might not know through smart doorbell systems.

Clearly there is much to gain in deploying smart home devices and, on a practical level, they are only going to continue to proliferate in the coming years. This reality calls for shared responsibility among device manufacturers, security practitioners and consumers to make sure these devices can be incorporated to our homes in a responsible manner. Manufacturers must avoid the temptation to configure products without security and privacy being prioritized, security and governance professionals must provide the due diligence to assure the devices do not pose hidden risks, and consumers must take the extra step of researching products from a privacy and security standpoint before allowing them into their homes. Modern technology presents so many new and compelling opportunities for all of us, but one thing that should never change is having peace of mind that we are secure in our homes.