Having a smart home is all well and good until you become a victim of data leakage.
This is not a discouragement against IoT implementation into your home, however. The Internet of Things market has been on the rise, and thanks to that, even our homes have become smarter. We don’t have to worry about doing our laundry, or making coffee manually anymore. With just a command we can do these things without having to move away from that comfy couch.
But over the last couple of years, some incidents have shown that the matter of smart homes might not be all it’s hyped up to be. Just like everything, IoT implementation in smart homes has a bright and a dark side, but it seems the dark side is more sinister than the bright one.
The combined research conducted by Northeastern University and Imperial College of London has shown how consumer devices are not to be trusted when dealing with client data. The researchers conducted 34,586 controlled experiments on 81 different IoT devices, 46 of which are from the US and 35 are from the UK, and this is what they found out-
- 72 out of these 81 devices are connecting to services that are not the first party. Which means they are connecting domains and addresses that have no business connecting to the device.
- The research showed that 56% of the US devices and 83.8% of the UK devices were connecting to domains that were not in their region.
- The safety of the data on an online connection depends on the level of encryption, but here’s the kicker- according to the research, all the tested devices have at least one plain-text flow, which means at least one data flow from all the devices is non-encrypted. Not to mention, any cyber-evesdroppers can analyze device traffic, encrypted or not, and figure out the user and device behavior.
But in any case, this is just research. What happens when a smart home management platform leaves a server with important user data exposed on the internet without any password or protection?
Around mid-June, the security team at vpnMentor, lead by security researchers Noam Rotem and Ran Locar, spotted a completely exposed server containing the customer details of 2 million users, including their usernames, passwords, and password reset codes.
The server in question belongs to a Chinese smart home management platform Orvibo. Their smart home management Smartmate helps users control every aspect of their smart home, from security to closing the curtains.
Not only a smart-home management system, but Orvibo also deals in self-manufactured smart home products such as smart light bulbs, HVAC systems, home entertainment systems, security cameras, smart power plugs, and many more.
The open server containing user information poses a huge threat to everyone who’s data has been exposed. Since the data breach being exposed, Orvibo has taken steps to secure the server. Even then, the data breach can have serious repercussions for the users. What are these repercussions though? Let’s find out what can happen to your data if it is leaked by your smart home device.
What will happen if your data is breached?
When hearing about IoT and data breach, the user can have two kinds of reactions.
One group would panic, and probably stop using all kinds of smart devices.
Another group would ask so what if their data is being breached? And this point is to answer the question for the latter group.
There is a reason why smart home security is something to be concerned about. The personal and sensitive data, the users enter in order to run the devices, can be manipulated in various ways, and each one would only harm the users.
So what are the ways hackers can manipulate the IoT devices and data that make your home smart?
1. Manipulating The Devices
The first thing you might do after getting a smart device for your home is to configure its username and password.
However, this is not a widespread practice. Most people often end up using the same default username and password the device came with, which means that it’s going to be super easy for the hackers to get your data and gain access to your device. And from there on, it’s an open sandbox for them to play with. They can do whatever they want with your device, but there’s one guarantee- whatever they do is not going to do you any good.
2. Holding Your Data And Device For Ransom
The ransomware attack is the most familiar in the IoT industry. Through this, what the hacker usually does is that they would gain access to an IoT device, and cut off the legitimate user’s access. Then they would ask for a ransom for restoring the user’s access to that device.
While this may not seem to be as dangerous, it is a serious threat. Once the hackers have gained access to your data, they can use it for many malicious ends, things you don’t even have any idea about. And not to mention, there is no guarantee that they would give you back the access to your data once you pay them. And that’s why implementing some serious security protocols in place is needed to prevent your device and data from ransomware attacks.
3. Doing Serious Damage To Your Home
This one might seem a little petty, but here we go anyways.
Imagine having a smart thermostat, which you can control using online access. Now imagine going out on a vacation with your family, making sure that everything around the house is shut down, even the thermostat. However, when you get back, you see that the thermostat turned up to its highest setting on its own, melting every plastic thing in your house.
But did it happen on its own? How are you going to find out whether it just happened or someone purposefully hacked into your smart home system and used the thermostat to seriously damage your home? Stealing the authorization details, hackers can do this for multiple reasons, ranging from personal vendetta to trivial entertainment because they were bored. Either way, it is your home that will be damaged.
4. Actively Robbing Your Home
When details such as passwords and user IDs, along with device IDs are being sent to an unknown third-party domain without any encryption, the data can be used in many ways, and one of them can be to rob your home.
Think about how a hacker-robber group can hack into the security system of your home, disable it and then walk into your home to steal everything from you. This is a bold use of smart home data breaches, and it can be quite fatal in case someone is home when they decided to hit the house. In this case, the loss of data security can result in serious loss of physical property as well.
5. Launching A Botnet Attack
Last but not least, gaining access to your IoT smart home devices, the hackers can turn these devices into zombie devices and launch a botnet attack. A botnet is a number of internet-connected devices. Each of these devices is running one or more bots, which can be used to perform distributed denial-of-service attacks.
Through this, the hackers can also steal important data, send spam emails, getting the attacker access to the device, this is not only going to create a problem for you but others as well.
With a DDoS attack, the botnets can connect to a website, generating so much traffic that the website crashes, leaving them vulnerable for many data exploitations. Using your IoT device, the hackers can launch a similar botnet attack to that of the Mirai Botnet attack of 2016. The Mirai botnet attack brought down a french host OVH. and that’s how your smart home devices can be turned into a weapon to bring down popular websites around the world.
What Is Going To Be The Solutions?
Every problem has a solution, and so does this one.
There have been plenty of solutions suggested for the data security of IoT devices. But so far only two of these solutions stand out. One is the use of machine learning, another being Blockchain.
The Machine Learning Solution For Smart Homes
Rather than looking for a security solution for each device, AI and machine learning can create a shield of security for all the IoT devices for your home network. Deep learning and machine learning can not only monitor each and every device connected to the network, but they can also detect and prevent any unwanted and unknown device trying to connect with the home network.
The use of AI comes in handy when analyzing the network traffic. This way the AI can keep up with the general traffic flow of each of the devices and detect any anomalies in the normal flow of traffic. Which means fewer chances of any hackers getting inside your home network. You can check out these top 10 highly performing smart home apps making it big.
Along with these benefits, the use of Machine learning and deep learning can also detect botnet activity, manage device authentication and access management. This way they can manage to give your smart home network 360-degree security without worrying you.
The Blockchain Solution To All Things Smart-homes
The main problem with the smart home network is the centralization of data, which could be easily hacked into. And that’s why Blockchain can provide a decentralized solution to this problem.
Once the smart home IoT systems start utilizing the blockchain system for data communication, the security will increase tenfold, because it is close to impossible to hack into a blockchain network and change the data. To do so, the hacker would have to have control of 51% of the devices connected, and when the number of connected devices spans millions, it can be a little tough.
Not to mention, blockchain in IoT will end the trend of data monopolization. Your data won’t be a subject of daily business deals with large conglomerates. Blockchain can bring affordability and security for smart homes that people have been asking for a long time.
So does it mean you should not be using smart home technology?
The answer is no, absolutely not. It is undeniable that smart home technology has its own benefits and you should be able to take advantage of that. But only after you have made sure of your data security. Once you have made sure that all the devices you are using are secure. You can make use of IoT devices for your home as much as you want. Always remember that the security measures for your home IoT devices are not a matter of joke.