ABI Points To Smart Home Cybersecurity Concerns, Hacking Risks
Amid the growth of the smart home industry, ABI Research has noted the need for security measures to be addressed at a product design level.
ABI forecasts 360 million smart home device shipments by 2020, however notes “many companies are leaving major security flaws in the wake of their hurried attempts to penetrate the market, producing products riddled with bugs and unpatched vulnerabilities”.
ABI states that at a design level ignoring cybersecurity “provides a wide-open door for malicious threat actors to exploit smart home products”.
“We see an alarming increase in ransomware in smart TVs and IP cameras, code injection attacks, evidence of zero-day threats, and password eavesdropping for smart locks and connected devices,” Dimitrios Pavlakis, ABI industry analyst, commented.
“The current state of security in the smart home ecosystem is woefully inadequate. Smart home device vendors need to start implementing cybersecurity mechanisms at the design stage of their products.”
ABI notes that numerous attack vectors have been identified in smart home communication protocols including ZigBee, Z-Wave and Wi-Fi.
“Many companies are creating and selling easy-to-tamper smart locking systems, easy-to-hack sensor systems and products that host a plethora of software vulnerabilities,” ABI states.
“This could allow home invaders to determine when residents are out and enable them to break in more easily; cybercriminals to carry out distributed denial of service (DDoS) attacks and force appliances offline in exchange for ransom; and malicious actors to steal data, and possibly even personal information, and resell them online.”
ABI does, however, note that some vendors, including Amazon, Apple, Google, Samsung and Philips, now include security within the project design phase, primarily meaning “securing the network, making use of encryption key management and placing limitations on communication protocols”.
“OEMs need to first think about security at the design stage and conduct risk assessments,” Pavlakis commented. “The next step is to ensure that proper security testing happens before the product goes to market.
“OEMs then need to offer continuous security support over the course of the product’s lifespan. Without these basic measures, the eventual financial and reputational costs to OEMs will be high in the wake of malicious hacking of smart home products.”