
There has been a lot of discussion on how Internet of Things (IoT) devices are helping to create smart homes, and whether the devices are secure. Brian Krebs writes in his blog post that IoT devices such as smart (internet-accessible) thermostats are likely security risks, adding the following warning: “[C]onsider whether you can realistically care for and feed the security needs of yet another IoT thing.”
Earlence Fernandes, a Ph.D. student with a focus on systems and security at the University of Michigan, also has concerns, albeit slightly different, about IoT devices used in smart homes. “Current security research has focused on individual devices, and how they communicate with each other,” writes Fernandes in this Conversation post. “Little research has focused on what happens when these devices are integrated into a coordinated system.”
That slightly different take by Fernandes seems important. With the push to make homes smarter, knowing about any weaknesses when connecting disparate IoT devices to make a cohesive smart home system seems necessary.
What is a smart home?
Before looking at what Fernandes found, let’s define smart home. The Smart Home Energy website describes it as:
“A home that incorporates advanced automation systems to provide the inhabitants with sophisticated monitoring and control over the building’s functions.”
The definition’s mention of “monitoring and control” points to the need for a communications network that interconnects all the IoT devices so they can be controlled remotely via the internet. A good example of a highly-desired smart home convenience, at least in my neighborhood, would be the ability to make sure the garage door is shut at night.
The Smart Home Energy website also mentions, “The range of different smart home technologies available is expanding rapidly along with developments in computer controls and sensors. This has inevitably led to compatibility issues, and there is, therefore, a drive to standardize home automation technologies and protocols.”
That quote is a nice segue into what Fernandes is concerned about and the thrust of his research.
Potential risks associated with smart home platforms
To learn what happens when IoT devices are assembled into a smart home system, Fernandes, along with Atul Prakash, also of the University of Michigan, and Jaeyeon Jung of Microsoft Research, looked at several smart home platforms. “We looked at what systems existed, and what features they offered,” writes Fernandes. “We also looked at what devices they could interact with, whether they supported third-party apps, and how many apps were in their app stores.”
In addition, the researchers took a good look at the security features of the various platforms, asking the question, “In what ways are emerging, programmable, smart homes vulnerable to attacks, and what do these attacks entail?”
To answer the question, the researchers decided to focus on one particular smart home system. They mention the system is one of the more mature ones on the market, with over 500 applications, and support for over 130 IoT smart home devices.
In addition, the smart home controller has a number of conceptual similarities to other, newer systems, which makes the findings relevant to them as well, explains Fernandes. One such similarity is trigger-action programming, which allows individuals to connect sensors and events to automate aspects of their home. Trigger-action programming is just what my neighbors need and want; it can be set up to ensure garage doors are shut at night.
Fernandes writes that they found two categories of vulnerabilities: excessive privileges and insecure messaging.
- Overprivileged SmartApps: Over 50% of the apps had more access to functions than they needed. For instance, if our highly-desired app shuts a garage door at night, the system would also grant that app the ability to open the garage door. The team feels this is a mistake that offers opportunities to nefarious types. By subverting the application controlling the garage door, they could open it at their convenience.
- Insecure messaging system: Fernandes writes that IoT applications communicate with physical devices in a manner similar to how we use instant messaging, adding, “We found that as long as a SmartApp has even the most basic level of access to a device (such as permission to show how much battery life is left), it can receive all the messages the physical device generates — not just those messages about functions to which it has privileges.” Fernandes also mentions, “So an app intended only to read a door lock’s battery level could also listen to messages that contain a door lock’s PIN code.”
The researchers also determined that a malevolent application can send messages impersonating messages from physical devices on the smart home network, such as reporting that a door is locked when it’s not.
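To make the two categories concrete, here is a small model added for this article; it is not code from the researchers or from any smart home vendor. The `Hub` class, its method names, the app and device names, and the `codeReport` attribute are all hypothetical. With `fine_grained=False` the hub behaves the way the findings above describe; with `fine_grained=True` it grants only the requested commands, filters events by attribute, and accepts a device's state report only from the device itself.

```python
# Constructed model of the two flaws; Hub and its methods are hypothetical names.
from dataclasses import dataclass, field

# Capabilities bundle commands and event attributes (constructed sample data).
CAPABILITIES = {
    "garageDoor": {"commands": {"open", "close"}, "attributes": {"door"}},
    "battery": {"commands": set(), "attributes": {"battery"}},
}

@dataclass
class Hub:
    fine_grained: bool                          # False = behaviour the article describes
    grants: dict = field(default_factory=dict)  # (app, device) -> granted sets

    def grant(self, app, device, capability, commands=(), attributes=()):
        cap = CAPABILITIES[capability]
        if self.fine_grained:   # only the requested subset of the capability
            cmds = set(commands) & cap["commands"]
            attrs = set(attributes) & cap["attributes"]
        else:                   # the whole capability, whatever the app asked for
            cmds, attrs = set(cap["commands"]), set(cap["attributes"])
        g = self.grants.setdefault((app, device), {"commands": set(), "attributes": set()})
        g["commands"] |= cmds
        g["attributes"] |= attrs

    def may_send(self, app, device, command):
        g = self.grants.get((app, device))
        return g is not None and command in g["commands"]

    def may_receive(self, app, device, attribute):
        g = self.grants.get((app, device))
        if g is None:
            return False
        # Coarse hub: any grant on a device exposes every event it generates.
        return attribute in g["attributes"] if self.fine_grained else True

    def accept_event(self, sender, device):
        # Hardened hub: a device's state may only be reported by the device itself.
        return sender == device if self.fine_grained else True

def audit(fine_grained):
    hub = Hub(fine_grained)
    hub.grant("night-closer", "garage", "garageDoor", commands=["close"])
    hub.grant("battery-monitor", "front-lock", "battery", attributes=["battery"])
    return {
        "closer_can_close": hub.may_send("night-closer", "garage", "close"),
        "closer_can_open": hub.may_send("night-closer", "garage", "open"),
        "monitor_reads_battery": hub.may_receive("battery-monitor", "front-lock", "battery"),
        "monitor_sees_pin_events": hub.may_receive("battery-monitor", "front-lock", "codeReport"),
        "app_can_report_as_lock": hub.accept_event("battery-monitor", "front-lock"),
    }
```

Calling `audit(False)` and `audit(True)` side by side shows which of the five checks change once grants are scoped to what each app actually requested.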
Proof-of-concept attacks
Fernandes, Prakash, and Jung did not just study the vulnerabilities; they built proof-of-concept attacks that:
- stole existing door lock codes;
- disabled vacation mode of the home; and
- induced a fake fire alarm.
Videos on the research team’s website explain each attack. A detailed analysis, along with comments on what the three researchers uncovered, can be found in their paper Security Analysis of Emerging Smart Home Applications (PDF).
Sage advice
Fernandes starts out suggesting there are benefits to be gained from smart homes; however, due to the security issues they found, he advises caution, adding:
“Personally, I wouldn’t mind giving smart home technologies remote access to my window shades or desk lamps. But I would be wary of staking my safety on remotely controlled door locks, fire alarms, and ovens, as these are security- and safety-critical devices.”
Note: In their research paper, Fernandes, Prakash, and Jung state they are in communications with the appropriate companies about their findings.