Defined by ENISA as a space integrating interconnected smart devices and systems, the smart home is the direct successor of home automation systems. A market that is expected to generate a turnover of 300 million euros in 20171. Connected to the Home Area Network or directly to Internet, these devices work with different types of communication protocols and networks (HAN, WAN, wireless, LPWAN) by which data is transferred between users and smart devices.
“Smart devices are particularly "talkative" and this is one of the first vectors of attack” said Yassir Kazar, co-founder of the Bug Bounty platform, Yogosha. Indeed, the interdependence of smart devices is a source of vulnerability: hackers could easily take control of a smart device, but also of the entire network on which it is located. While implications for security and privacy aren’t always obvious for developers and users, they can have a real impact on the resident’s lives, health and safety.
In order to raise awareness about IoT security among industrial and consumer, the European Union Agency for Network and Information Security (ENISA), published in December 2015 a report on the smart home security, in which Digital Security participated. Entitled Security and resilience of smart home envrionments, this report provides a holistic security approach. ENISA describes best practices for improving IoT security, from design to end of life. First guide published at the EU level in this specific area2, it is part of ENISA's strategy to raise awareness among professionals and future consumers about IoT dangers. As a reminder, a first document, mapping the smart home security threats, had already been published in December 20143.
We often speak of "snowball effect" in economics to describe the exponential growth of a debt related to the correlation of several factors. In the case of smart devices, this effect applies at the security level. Poorly secured from their design (negligence of the manufacturer in favor of the innovation, lack of awareness about cyberattack effect, set up of summaries of incomplete security measures) the endemic nature of smart devices makes them even more vulnerable to cyberattacks.
For example, in November 2015, researchers of Kaspersky company demonstrated how the hack of a HDMI Google Chromecast key, allowed to them to take control of other devices, with the help of a Controller Rickmote. They were able to change the content displayed on the TV by replacing it with an error message forcing the owner to change the password for the Wi-Fi, or reboot the router. A similar flaw was later discovered in a smart coffee machine. Once the hacker had the password for the Wi-Fi home, then he could easily connect himself to the surveillance camera, to spy on the whereabouts of people4.
This experimental scenario demonstrates how the interdependence of smart devices, increases the attack surface and the destructive capacity of a hacker. Indeed, we are seeing more and more examples of IoT hacks in the press. In 2015, a study achieved by two security experts, highlighted the lack of protection of new electricity meters that have been implemented by the Spanish government. In addition to turning off the power of electricity meters owners, the infection could spread all the way toward the power plant5.Another factor which increases the risk of piracy, is the lack of security standards. In November 2015, the security company Imperva, revealed that 900 CCTV cameras had been turned into botnet6. The flaw? The factory password had not been changed by users...
Aware of the multiple risks that impact the smart home security, ENISA has published a practical guide, designed to raise awareness among IoT designers and consumers on the best security measures to adopt. ENISA’s recommendations are prioritized according to the product life cycle, from design to its power down.
The first recommendation is based on security by design, a crucial step often overlooked by manufacturers, as evidenced by vulnerabilities discovered in smart locks by the security researcher Renaud Lifchitz working for Digital Security (Master Class - FIC 2016). The lack of security puts at risk the personal data of users that are stored on smart devices.
To resolve this alarming situation, ENISA recommends to manufacturers, to conduct regular security processes on their products such as the defense in depth, which is to use several security techniques to reduce the risk when a particular component security is compromised or failed.
Insofar as home automation systems are composed of multiple technologies, namely a network, a software, a hardware, protocols, cloud services, audio and communications, it is necessary to consider vulnerable points for each of these elements when attempting to secure the smart home. IoT vulnerabilities can be related to the low security of mobile applications and an illegitimate authentication allowing attackers to take control of smart devices.
To correct these vulnerabilities, ENISA recommends encryption and authentication.
Hardware encryption solutions can be quite limited for some smart devices because of their low processing power and their storage space reduced. ENISA recommends not to use proprietary encryption schemes, but rather to use standards, to consider whether a software or a hardware solution is necessary according to the context, to manage the keys safely and finally to use reputation and trust infrastructures.
Authentication is one of the critical security requirements for smart devices. It consists of identifying a person or a computer in order to allow the access of that entity to resources such as applications. ENISA recommends to use mutual authentication for remote communication, the multi-factor authentication for the user access and finally to set up a strong management policy for passwords.
To these two security requirements, ENISA adds recommendations in software such as the report of any unusual event when attacking, the strengthening of the protection of the software security functions (by strengthening interfaces, by ensuring the separation of the applications during their execution or by improving the protection of personal data).
Besides security by design, IoT designers must ensure that once installed in private homes, it remains easy to handle technical issues related to smart devices security. As such, manufacturers should provide user-friendly interfaces for device management and security services. They must also put in place a secure and reliable mechanism for device update to allow the correction of vulnerabilities.
For their part, suppliers must be able to understand problems that may affect these devices. It is recommended to carry out investigations on the vulnerability of selected solutions, and to protect the software update mechanism. Thus, users benefit from an ongoing technical assistance, ideal to help them to correct technical problems of their products.
Another subject mentioned by ENISA, the end of life of smart devices. According to ENISA, IoT designers must provide a secure backup and deletion service of the stored data (and the associated Cloud services) during the use and the end of life of the product.
The design of secure objects by default, recommendation advocated by ENISA, seems the best option. Moreover it is necessary that manufacturers are aware of the potential risks, in order to not neglect this step. Indeed, some people don’t see the need to use the defense in depth for their products, because of the unattractive content of stored data7. However, any smart device potentially records personal data on its users, which can be made accessible to ill-intentioned third parties, and thus, violate the privacy of those involved.
In addition to technical advice, ENISA lists a series of legal and policy recommendations.
Moreover, ENISA recommends that all stakeholders raise awareness individuals to understand what are the actions needed to secure a smart home. Suppliers must hire security experts to prevent and resolve potential security breaches. Suppliers and consumers must be informed by cybersecurity agencies about the risk of smart devices embezzlement.
National cybersecurity agencies, consumer groups, standards groups and industry associations must reach to a consensus on the minimum security level required in the design of smart devices, and are intended to assist non -experts in the implementation of specific security functions to their devices and services. Moreover, the European Commission and industry players must integrate cybersecurity in R & D projects related to the Smart Home Environment and the Internet of Things. One of the existing programs, Horizon 2020, defines what are the security requirements, in order to prevent cyberattacks.
ENISA suggests setting up an IoT common standardization in order to transmit security information. The ecosystem of the IoT is indeed threatened by the multitude of communication standards. Like the Tower of Babel, many consortia are trying to develop their own IoT language between devices. It should however be noted that institutions seeking to establish specific standards for the security of smart devices, such as the AllSeen Alliance, are emerging.
The European Commission and its Member States should set rules to ensure the security level of a given product. It is recommended that this security approach is based on existing work such as white lists and providers certification, the integration of several levels of insurance to counter multiple cyberattacks, or the definition of security audit rules and tests (for example the self-assessment, the assessment by a third party and the certification). It is also recommended to work with the CSIRT in order to test the resistance of objects to existing attacks. Manufacturers and developers with a limited security experience, are strongly encouraged to base on university research and national cyber security agencies.
Smart home evolve at a very fast pace. Integrate some smart devices into an existing environment raises new security challenges. Recently, researchers from the University of Michigan have managed to find flaws in the Samsung application, Smarthings, a platform that aims to control all smart home devices via a smartphone. For example, they were able to exploit a flaw "open redirect" and implement a backdoor into an electronic lock while recovering the PIN code. This flaw indicates that the implementation of the protocols and security mechanisms is generally performed poorly, leaving an "open door" to hackers.
This guide wants to be ambitious: the establishment of best practices is based on the questioning and the evolution of the security mechanisms implemented by designers, and on consumer awareness about IoT security. The search for innovative security solutions also requires cooperation between IoT designers and IT security experts such as white hat. Other solutions emerge, such as blockchain and forecast a security renewal, a fundamental requirement for all products and services that impact on the lives and safety of the user.
ENISA provides an exhaustive list of threats that may impact the family environment. From a single failure causing a malfunction on the smart device to the control of family members via a webcam, this barometer offers a range of significant risks.
|Vulnérabilities||Threats||Risk assessment||Risk definition||Examples|
|1. Security flaw on a smart device||Invasion of life privacy /Takeover of smart devices/ personal data thief||Fairly high risk||Control of a family||In 2014, a hacker succeed to take hold a baby monitor8 / The hack of a smart bulb allowed to decrypt information of the network configuration9|
|2. Lack of WiFi security||Material damages||Fairly low risk||Interception of the wireless communications via a spoofing attack||Hackers would be able to read information transiting between equipment, and then to take hold the whole network|
|3. Lack of consumer awareness||Smart device hijacking/ Identity usurpation||Very high risk||The smart device breaks down temporarily or definitively||In November 2015, the security company, Imperva, revealed that 900 of its control cameras had been converted in a huge botnet10|
|4. Bad conception of the smart device by default||Outages||Fairly high risk||Smart devices break down temporarily or definitively||In September 2015, the company Nest faced on various technical problems: it was impossible to control for the company to control its devices during several hours11|
This blogpost is an overview of an article, published in the monthly magazine ISECO (Internet of things security observer) achieved by Digital Security analysts. ISECO is an exclusive watch about IoT security, which is available by subscription. For more information: firstname.lastname@example.org