For the average homeowner considering a smart home, security remains top of mind. Visions of criminals hacking smart locks or gleaning personal information from internet-connected devices creates tremendous unease. However, the fear of these “micro-hacks,” though valid, are often overblown while the more damaging potential for “macro-hacks” are overlooked.
Some devices (not all) on a secured internet network, even when deploying the highest levels of security, can be left vulnerable to exploitable holes or weaknesses. Differences in product categories (a connected door lock vs. a connected light switch) can translate into developers and manufacturers who think about security through the lens of the device category. A connected door lock manufacturer may implement the strictest level of security because if someone virtually opens a customer’s door, their reputation is on the line. In contrast, a company that manufactures a connected light switch may not feel that a hacked light turning on and off is as large of a problem as a picked lock. However, what may not be fully appreciated is that the security flaw within the light switch can be used to hack multiple devices installed across the network and beyond. It is through these unsecure pathways within the ecosystem that hackers get themselves “in” to execute micro and macro attacks. For this reason, developers, companies, and manufacturers must start thinking beyond just the security of their individual devices and focus on the security of the entire network ecosystem.
Historically, focus on security has tended to be on the local level rather than the entire network supporting the device. Additionally (within smart home protocols), previous security frameworks may have provided high-levels of security and encryption, but the choice to implement such measures was left up to manufacturers, most of which aren’t security experts or have dedicated staff to review and implement industry standard security measures. This results in an ecosystem of connected products with varying levels of security deployed throughout. As the threat of macro-hacking rises, the need to secure the ecosystem is more important than ever.
Work to increase security on smart home devices is being done today. Let’s review the basics for what is needed to make this security possible. There are three layers of connected networks that matter for security: the wide area network (WAN), i.e. the Internet; the local area network (LAN) or “home network”; and the wireless personal area network (WPAN), consisting of the end-node devices. A number of problems can occur when trying to build secure solutions within these communication pathways. Among them are security attack threats, cryptographic computation power, available network bandwidth, code space, firewall policies, and efficient battery operation. All of these threats must be considered when developing a security framework for smart home. Z-Wave has addressed these concerns in a new security framework, Z-Wave Security 2 (S2).
Ultimately, a smart home is only as secure as its weakest link. It’s no longer “good enough” for companies to only worry about the security of their own devices. In a world built on connectivity, understanding how all the devices that sit on the network interact and communicate securely with one another is more important than ever. Developers and manufacturers must be aware of the rising threat of macro-hacks and the solutions available to thwart them. To not do so is an affront to their customers (and their unsuspecting neighbors).