Smart home or dumb security risk?

Internet-connected devices are flooding into homes, but with convenience comes vulnerability

connected home illustration internet of things IoT
Credit: ThinkStock

Technology-filled smart homes have come a long way since Rosie the robot housekeeper catered to the Jetsons' needs. But one thing the Jetsons never seemed to worry about was Rosie turning on them or being used as a surveillance device.

While today's smart home mishaps may not be as far-fetched as the Ultrahouse 3000 that terrorized the Simpsons in "Treehouse of Horror XII," they can -- and do -- happen.

Just ask the German computer science professor who rigged up his house so that everything from lights, music, and TV to heating and cooling was connected to the Internet and could be turned on and off remotely. Sounds great, right? Until the house froze up and stopped responding to his commands.

Was a nefarious hacker or rebellious HAL wannabe to blame? No, the culprit was a light fixture that had burned out and was trying to gain the hub's attention by sending continuous requests that overloaded the network -- a classic denial-of-service attack.

The professor knew his way around a network and was able to diagnose the problem himself, but are all the consumers of smart home technology -- expected to become a $12 billion annual business within five years -- so tech savvy?

Not all solutions to smart home snafus are as simple as changing a light bulb. And millions of Internet-connected devices flooding the market -- and our homes -- are less secure than a PC or smartphone. As Daniel Buentello said in a Black Hat tech session in which he needed just 15 seconds to break in and gain remote control over a Nest thermostat: "The more convenient or smart something is, the less secure it is. What are we giving up just for me to be lazy on my couch?"  

Having someone hack your smart home's thermostat might fall into the harmless prankster category, but there are reports of people modifying the thermostat of their ex-spouses, gaining control over the home devices in a stranger's house, spying on children asleep in their cribs -- even disabling security locks. At another Black Hat tech session, titled Home Invasion v2.0, Daniel Crowley demonstrated how easily a computer hacker can gain access to a front door lock and open it.

Along with all the burgeoning smart home technology, the frontiers for cyber crime will also expand, and the well-known security risks to your PC and credit card could become true for your refrigerators, coffee pots, and security systems.

In a recent test of home automation hubs, Symantec found multiple security flaws that could allow attackers to gain access to the hubs -- and the devices connected to them. And if cyber criminals apply the tried-and-true ransomware model to smart homes, homeowners will find themselves coerced into paying up in order to regain control of their heating or smart TV

Security research analyst Colby Moore blames a lack of security standards in IoT devices. "Right now, the Internet of things is like computer security was in the nineties, when everything was new and no one had any security standards or any way to monitor their devices for security," he told Gigaom.

So be aware that our obsession with remote control comes with risk. And before you give in to the allure of that Comcast Xfinity Home ad cooing, "Get peace of mind with a total home security and automation system," ask yourself: What could possibly go wrong? 

To comment on this article and other InfoWorld content, visit InfoWorld's LinkedIn page, Facebook page and Twitter stream.
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.