Integration of Cybersecurity Practices in Home Automation Systems

Introduction

In this era of the fourth industrial revolution wave (IIOT), most homes contain different gadgets or machines that are automated. These automated gadgets offer a high level of convenience, a reduction in energy consumption, and a reduction in the amount spent on utility bills, among many others. Home automation allows turning on or turning off the lights, disarming the security system, and putting on the air conditioner whenever the family members are close to the home. These and a lot more are the overwhelming experiences in homes where home automation systems are installed.

However, the mode of operation of home automation systems via the interconnection of various devices through several communication protocols to the Internet makes it prone to cyber-attacks. Thus, this necessitates the import of cybersecurity into home automation systems.

What is Cyber Security?

The endeavor of protecting or defending servers, computers, electronic systems, data, and mobile devices against malicious attacks is known as cybersecurity. Cybersecurity is a term with vast context and applications. According to Risk-Based Security, in 2019 alone, 7.9 billion records were discovered to be exposed to cyber-attacks. Some of the common categories of cybersecurity include application security, operational security, network security, informational security, and end-user education.

The importance of cybersecurity is visible through the protection it offers to devices and software by keeping them free of cyber threats. It also protects the privacy and integrity of data, either when stored or in transit.

Among other ways of protecting against cyber-attacks and increasing safety in information exchange, the communication world uses only trusted entities while exchanging vital information. The communication industry also encourages regular updates of electronic devices’ operating systems or security patches and file backup to reduce the threat from cyber-attacks.

How far can my home be automated?

The short answer is – everything that is connected. Now, depending on how much of a “connected” mindset you have, the answer may at once be reassuring or alarming. Reassuring if you believe that you aren’t “connected,” and alarming if you think otherwise.

Believe it or not, there are over 100 touchpoints (A touchpoint in our context can be defined as any endpoint/device/sensor that interacts with a network, for instance, to send or receive data) in a single home that can be compromised. To simplify things and to help us better understand if I’m an alarmist or a realist, I’ve classified the touchpoints into the following categories:

1. Climate Control
2. Being Energy Efficient
3. Entertainment Automation
4. Luxury Automation
5. Notification and Alerts
6. Security

1. Climate control: Tasks such as raising or lowering drapes based on the temperature/amount of light/position of the sun or automatically turning on/off the HVAC/heating based either on time setting or occupancy would fall in this category. As you can already imagine, apparently simple tasks like those described above would require multiple sensors to work together.
2. Being energy efficient: For instance, making the sprinklers “intelligent” so that they don’t come on, on a rainy day, or lights that come on when they detect motion. Again, it seems simple enough but will require multiple systems working together.
3. Entertainment Automation: Set up the smart-home system to turn on “party mood” lighting and autoplay some music at the touch of a button, or set up “gaming,” “movie,” “music” or any number of settings that adjust the lighting, sound – volume and equalizer, and even the temperature, would be the tip of the iceberg here.
4. Luxury automation: As the name suggests, these are ideal for when you want to go all-in and pamper yourself. Things like a heated toilet seat, or heating in your towel racks, or humidity-controlled wardrobes would fall in this category. If the home has smart access, you can also go the whole hog and set up the lighting, music, temperature, and whatnot to be personalized for each occupant, automatically adjusted when they access the home.
5. Notifications and Alerts: These are such a ubiquitous part of our lives that we don’t even think about them anymore. Suppose you do take a moment, however. In that case, you’ll realize that for each notification or alert, a whole ecosystem of technology has to work flawlessly to deliver that notification to you, and here I’m merely talking about the communication between the plethora of devices.
6. Security: Our cameras, access control devices, motion detectors, and others are connected to the Internet and store information on the cloud. The sheer number of points where the intelligent security system can be compromised is beyond belief. It is one of the biggest ironies of the connected world that the systems designed to keep us safe are the very ones that are compromised.

Hacking of Home automation systems

As beautiful as home automation is, it is worth noting that any home automation system can be hacked. Most of the home automation hacking incidences can be traced to the ignorance of the users and the lack of security of such devices. For example, not changing the default password or access control settings. Cybercriminals can easily find this information from product manuals on the manufacturer’s website and use these default credentials to access the connected device, allowing them to reach your entire network.

Another hacking vector could be the connection and communication between the home devices and their servers. Usually, data is transferred between the devices and the servers using the MQTT protocol (Message Queuing Telemetry Transport). Some of these servers have been shown not to have security checks. Hence, anyone who has the server address can access it. Further, most of these hackers leverage the vulnerabilities of the transmitter to track the activities of residents and obtain sensitive data out of these devices. With the introduction of more IoT devices into the homes in their billions, the integrity and safety of these devices required serious consideration. Utilizing cybersecurity practices is undoubtedly one of the surest paths of securing our devices from attack.

Also, as discussed in the previous section, there is a whole world of hundreds of devices and sensors in constant communication. This adds two distinct possibilities to the list of ways in which one may be attacked.

First, the cloud – the server where all the information is stored. Right from our credit card and other payment information to what our cameras record to information that each sensor has picked up.  If this wasn’t enough, think about this – your information is split between the servers of the multiple service providers. One way to get around this threat is to set up and own your cloud storage physically. The reality, however, is that it is not economically feasible nor convenient to do this.

Even if you have control over some of your information, other information is stored on servers that you, as a subscriber, have no access to. For instance, your billing address, payment history, and other such information may be stored by the service provider, and you may not have access to this. This means that the information on both clouds can be compromised in a cyberattack.

Secondly, even if your entire home automation system is entirely independent of the Internet, it could still be compromised by someone physically plugging into an access point and accessing your data. Each sensor, device, communication channel (wireless or hard-wired), and storage set-up is a potential access point. Including your mobile – if you use it for even one of the automation tasks listed above.

Importance of Cyber Security in Home Automation

One of the worst mistakes you can make is to assume that “it will never happen to me.” We have become excessively technologically dependant, and there are no signs that this trend will slow. We use technology to solve almost every problem, whether in our personal lives or professional ones. We constantly generate data, which is then stored on clouds and web servers. Sensitive information like passwords, credit card information, and bank account details are just some examples of our data stored in cloud storage services.

As the commercialization of cybercrime evolves with advancements in technology, cybercrime actors get more access to most home automation systems. Developers have no choice but to embrace a high utilization of cybersecurity on their various IoT devices. All smart devices can now perform security updates with a backup system for sensitive information.

eInfochips provides end-to-end solutions for Home Automation systems across multiple segments of devices. We ensure scalability, integration, interoperability, connectivity, compatibility, and security of devices and networks. To know more about our Home automation and cybersecurity expertise, get in touch with us.

Main Sources:

• https://www.ncsc.gov.uk/collection/10-steps-to-cyber-security
• https://www.riskbasedsecurity.com/2019/11/12/number-of-records-exposed-up-112/
• https://us.norton.com/internetsecurity-malware-what-is-cybersecurity-what-you-need-to-know.html
• https://www.security.org/home-automation/