Security Firm Finds Smarthome Devices Vulnerable to Cyber-Attacks

Published: Mon, 23 Mar 2015

Let me first say this - at Korner, our first priority is to make home security as easy as possible, which means we don't expect most of you to know much about this topic, or to be interested in it. But we do think it is useful for you to know that we are thinking about this stuff for you.

Last week, eWeek reported on a study by Symantec, who provides Norton Anti-virus and other network security products. The analysis included 50 devices ranging from electronic locks to smart thermostats. The conclusion: the emerging smarthome is "wide open" to cyber-attacks (granted, this is a mighty convenient conclusion for a company who's software secures devices, but there were some useful observations nonetheless).

According to the report, all devices failed to check if they were communicating with an authorized server, one in five didn't encrypt communications at all and many didn't lock out attackers after a certain number of password attempts. In addition, most devices assume the local wireless network is secure. An attacker that has gained access to the local network, via proximity or via malware installed on a local computer system, can further compromise smart devices.

So what can a user do? Well, if you're a smarthome geek you can check out Symmantec's blog where they offer free access to their report. But they offer some basic advice that can be helpful to anyone:

  Use strong and unique passwords for device accounts and Wi-Fi networks   Change default passwords   Use a stronger encryption method when setting up Wi-Fi networks, such as WPA2   Disable or protect remote access to IoT devices when not needed   Use wired connections instead of wireless where possible   Use devices on a separate home network when possible   Be careful when buying used IoT devices, as they may have been tampered with   Research the vendor’s device security measures   Modify the privacy and security settings of the device to your needs   Disable features that aren’t needed   Install updates when they become available   Ensure that an outage, for example due to jamming or a network failure, does not result in a unsecure state of the installation   Verify if the smart features are really required or if a normal device would be sufficient

At Korner, we believe that the best home security system needs to defend itself. For those of you who are interested in the details, here are a few:

  We encrypt all communications between devices and the server   We check that we are communicating with an authorized server   Each device in our system uses an encrypted bootloader. This means that, even if someone gets access to our firmware, it can't be reverse-engineered

But even if you aren't interested in these details, you can rest assured that Korner is thinking about them for you.

Subscribe for Blog Updates

Post Comments
All Comments