Almost every home appliance, from toasters and doorbells to washing machines and televisions, now carries the label ‘smart device’. However, cybercriminals exploit 80% of IoT devices because they know they are often inadequately secured or updated. Even unmanaged smart home appliances serve as easy entry points for attackers, enabling them to propagate within the breached network and escalate their intrusion.
When building your new smart home, do you diligently check how long the manufacturer will support and send security updates to the appliance? Will you commit to keeping dozens of devices on your network updated with regular security maintenance, or will you skip the updates?
Answering these questions honestly could help you determine the unexpected dramas heading to your home in the months ahead. Four years have already passed since Sonos controversially revealed it would be calling time on software updates and new features to its range of legacy products. It’s time to ask yourself, is your smart home becoming a ticking time bomb?
Key Takeaways
- Privacy breaches at Eufy and Wyze underscore the importance of encryption and security.
- The complexity of securing a smart home is increasing, with criminal cases requiring digital forensics to solve crimes.
- The challenge of keeping numerous devices updated raises questions about the longevity and security of smart home investments.
- Smart home technology involves a trade-off between enhancing home security and potentially exposing homeowners to greater privacy and security risks.
The average home in the US now has well over 20 internet-connected devices, but what happens when your smart home betrays you?
After initial denials and lack of communication, Anker admitted last year that its Eufy security cameras were not always end-to-end encrypted, leading to instances where unencrypted video streams were accessible through Eufy’s web portal.
Anker claims to have addressed this issue by ensuring all video streams from the web portal are now encrypted and is updating all Eufy cameras to use WebRTC for encryption by default.
More recently, Wyze cameras also hit the headlines for inadvertently giving 13,000 customers access to other people’s camera images and videos. With many users left feeling violated, it’s crucial to recognize the delicate balance between smart technology convenience and privacy risks.
Marcin Kleczynski, CEO at Malwarebytes, told me that today’s dream of smart home security seems to have become a different reality.
There are technical failures, possible DNS poisoning attacks on IoT devices, and Remote Code Execution vulnerabilities discovered in IoT real-time operating systems and supporting libraries.
Consumers often ask themselves a far more personal question: Will my IoT device give someone a portal into my home? As is often the case with emerging tech, the answer isn’t for users to give up on the technology’s promise but for IoT vendors to take user security and privacy seriously.
From Convenience to Chore: The Reality of Smart Home Maintenance
I recently found myself in the unusual position of having a few hours of downtime and decided to switch on my PS5 and Xbox, which were gathering dust. Both required updates that would take two hours to complete, so I started the updates and did something more productive instead. But what if these same problems hit more critical areas of my home?
Spare a thought for Doug Shepherd, the Senior Director of Offensive Security and Global Insider Risk at Jones Lang LaSalle (JLL), who faced an unexpected issue in the dead of night.
Smart devices frequently demand updates, often at the most inconvenient times. Shepherd shared a particularly telling incident when his Philips Hue smart bulbs, fully integrated into his smart home setup, suddenly switched to full brightness during a nighttime thunderstorm and wouldn’t dim. Resolving this required a software update.
@tweethue this is what "update fatigue" looks like.
Last night, had several brownouts due to major thunderstorm.
One of my Hue lights switched to full brightness from evening-dim; no biggie, I'll just reset the scene.
…only to find I can't unless I install an update. pic.twitter.com/OXb8wSPBss
— r0pchain (@r0pchain) August 15, 2023
Shepherd told me how heavily he has invested in the smart home world and the lessons he learned from replacing 70+ outlets and switches in his home. He warned that it takes an astounding amount of “care and feeding” to make it all work.
Once you have it in, it is like managing another major appliance like a water heater or designer refrigerator. I compare them to digital equivalents of changing a filter or descaling the heating element every three months. In the case of smart devices, this often manifests in updates that the vendor will force on you, often at the least convenient times.
Gary S. Chan, Cybersecurity Leader and security mentalist, suggests that users have a simple choice before making any smart home purchase.
“Decide if you prefer privacy or the convenience of smart home devices. You can’t have both. I do this analysis for every device at the time of purchase. Thus, I might decide that having a smart-connected ABC is worth the price of privacy, but a smart-connected XYZ is not.”
If you have skipped an update on your laptop, tablet, or smartphone, you will know this feeling all too well. But imagine the consequences of 50+ devices with skipped security updates adding vulnerabilities to your home network.
How Smart Devices Blur the Lines Between Security and Privacy
If I had told you ten years ago you would need a monthly subscription for your doorbell, you might have shaken your head in disbelief. But this year in the UK, Ring Doorbell hiked its prices by 42% to £49.99 for its annual basic plan. However, the bigger story behind this headline is the much higher price being paid for convenience, security, and peace of mind.
There is an element of irony in purchasing a Ring Doorbell and adding a subscription for added security, only to have it compromise your privacy. Especially considering that in 2020, many turned to Ring to enhance their home security, only to learn the company shared their customer data with third parties like Facebook and Google without explicit consent.
Past partnerships between Ring and law enforcement agencies have also raised questions about the blurred lines between security and surveillance. Incidents like these highlighted the delicate balance between utilizing smart technology for security purposes and the significant privacy risks it poses. But can anyone truly expect privacy with an increasing number of third parties monitoring their home?
Any true crime buff will know that heart rate data, GPS tracking, and message logs on smart devices can assist law enforcement in constructing a detailed sequence of events related to a criminal incident.
In a significant digital forensics case, experts investigated an intelligent washing machine used as an alibi by a suspect claiming to be home during a crime.
By dismantling the machine and analyzing its data chip, they determined the wash cycle was activated remotely via mobile phone, which was also traced to the crime scene, conclusively linking the suspect to the offense.
Securing Your Smart Home: Tips from Cisco’s Former CTO
Over the last five years, many households have invested in the smart home concept without thinking about one of the oldest security mantras. “If a device gets connected, it gets protected. But that protection must be strong because a network is only as secure as its weakest link.”
TK Keanini, Former CTO for Cisco Secure, worries about the increasing number of smart home devices and apps that homeowners need to keep secure. The trend is not in favor of the defenders, as they are not the ones spending all day trying to figure out how to subvert security controls, nor should they be.
“Ask yourself, how would you know if your home system was compromised? Do you wait for the manufacturer to make an announcement? My advice would be that with everything you add to your smart home, ask how diligent you can be about the security of your home. Would you buy something that would be a fire hazard? I think not.”
Homeowners unhappy at the increasing cost of their doorbell subscription are looking to competitors such as Wyze and Eufy, only to find that these have been hit with high-profile incidents. But these recent events are raising awareness of the need to manage and secure every device in the smart home, which can only be a good thing.
The Bottom Line
Home appliances such as washing machines, dishwashers, and televisions, traditionally designed to serve for ten years or more, are increasingly available as “smart” versions. However, these advanced models come with a catch: many leading brands only commit to providing software updates for a brief two-year period.
Beyond this timeframe, these appliances risk losing key features and functionality, becoming susceptible to security breaches and vulnerabilities.
The dream of a smart home is evolving into a reality where convenience comes at the cost of constant vigilance and potential privacy compromises. As the modern household becomes increasingly interconnected, consumers and manufacturers are responsible for prioritizing security and privacy, ensuring that the technology designed to protect us does not become the very source of vulnerability.