Here at Innovation Labs by AVG, we have been working on a security router, Chime, to protect our customers from new security threats of growing connected devices in our homes. Sign up for Chime here to be notified when we launch our preorder campaign on Indiegogo.
Our homes are filling up with more and more internet connected devices, personal or smart home devices, that aren’t protected and are riddled with security risks. A study by HP revealed 70 Percent of Internet of Things devices are vulnerable to attack, due to lack of standard security measures that one would expect in this day and age, for example use of encrypted communication, secure firmware downloads and allowing weak passwords.
If you are one of those who still doubt the fuss around smart homes, just wait until you decide to change your thermostat or replace your lights. Everyday people who are moving or re-doing their house are confronted with a choice to buy a smarter thermostat, switch or lights. The average number of connected devices per household in the U.S. is already at 5.2; and Gartner predicts that by 2022 a typical home could contain over 500 connected devices.
The rush, fuelled by startups, to grab the IoT business is resulting in many of the products being shipped with major security flaws. The pressure from startups and established companies like Google (nest) is driving incumbent manufacturers to embed connectivity/smart technology into their existing products to stay competitive. This is a whole new territory for some of these manufacturers. And unlike the world of PC and smart phones, the IoT market is still missing a leading operating system, platform and a wireless technology that all vendors could get behind.
On the operating system side, Google recently announced Brillo, its android based OS for IoT devices, which so far remains the only OS from a major company (Apple so far has remained on the peripheral – with Homekit acting more as a hub). On the wireless technology, there are at least 4 contenders to enable IoT communication in our homes i.e. Bluetooth, Zigbee/Thread, Z-Wave, Lutron, etc. One of these wireless technologies will have to emerge dominant: like GSM did over CDMA/PAS for cellular communication and Wi-Fi did over Bluetooth for wireless LAN.
The security risks, even after the IoT market matures will remain high as having so many connected devices results in endless entry points or so called back-doors into your home for a potential hacker. Something somewhere will always be left open or unsecured – either by our mistake or due to manufacturer’s oversight. Even the temptation and reward of hacking into the connected devices in our homes, for example our webcams is going to be too strong for evil doers to resist.
The internet experts see security of wireless devices as a big problem too. In a letter submitted to the Federal Communications Commission (FCC) in response to the rules laid out in ET Docket No. 15-170, Dave Täht, co-founder of the Bufferbloat Project, and Dr. Vinton Cerf, co-inventor of the Internet, along with more than 260 other global network and cybersecurity experts, proposed new approach to ensuring security of these wireless devices.
One of the recommendations made is that device manufacturers should provide public, full, and maintained source code for review and improvement so security experts can easily research and expose vulnerabilities. A recommendation like this would have definitely made the job of security researchers that identified the security risk in LiFX LEDbulb much easier.
A recent article from Geoffrey Fowler, a tech columnist for the Wall Street Journal, captured this emerging problem from a consumer point of view perfectly and in my view even coined a term for the solution that’s needed – “Antivirus for our home.” The role of existing consumer antivirus products needs to expand to even provide security to our connected homes.
Consumers however do not yet see the need for a security solution to protect these connected devices. To give you an example, we conducted a study early this year to understand how secure customers feel about their connected devices. Here’s a response that wasn’t too uncommon: “What’s the worst that can happen, they can turn my lights on and off or play some music?” But when presented with the fact that “a smart light could potentially allow an attacker to steal their W-iFi password and ….”, they were more cognizant of the potential risks.
So we are exploring innovative ways in which we can provide this additional security to our customers in the easiest possible way. Chime, is our first step into addressing consumer security needs of a connected home – with security on the router. We believe that a router-based security solution will be an important part of future security offerings to secure our smarter homes. A router-based security service would be able to analyze traffic to and from all our connected devices, even the devices that are not protected by an antivirus. This additional layer of security will make it measurably more difficult for hackers/attackers to penetrate our home networks. Just like in enterprise market, a smart home network will need both network and end point security solutions.
So what do you think about the need for securing our smart homes?