Let me first say this - at Korner, our first priority is to make home security as easy as possible, which means we don't expect most of you to know much about this topic, or to be interested in it. But we do think it is useful for you to know that we are thinking about this stuff for you.
Last week, eWeek reported on a study by Symantec, who provides Norton Anti-virus and other network security products. The analysis included 50 devices ranging from electronic locks to smart thermostats. The conclusion: the emerging smarthome is "wide open" to cyber-attacks (granted, this is a mighty convenient conclusion for a company who's software secures devices, but there were some useful observations nonetheless).
According to the report, all devices failed to check if they were communicating with an authorized server, one in five didn't encrypt communications at all and many didn't lock out attackers after a certain number of password attempts. In addition, most devices assume the local wireless network is secure. An attacker that has gained access to the local network, via proximity or via malware installed on a local computer system, can further compromise smart devices.
So what can a user do? Well, if you're a smarthome geek you can check out Symmantec's blog where they offer free access to their report. But they offer some basic advice that can be helpful to anyone:
Use strong and unique passwords for device accounts and Wi-Fi networks Change default passwords Use a stronger encryption method when setting up Wi-Fi networks, such as WPA2 Disable or protect remote access to IoT devices when not needed Use wired connections instead of wireless where possible Use devices on a separate home network when possible Be careful when buying used IoT devices, as they may have been tampered with Research the vendor’s device security measures Modify the privacy and security settings of the device to your needs Disable features that aren’t needed Install updates when they become available Ensure that an outage, for example due to jamming or a network failure, does not result in a unsecure state of the installation Verify if the smart features are really required or if a normal device would be sufficient
At Korner, we believe that the best home security system needs to defend itself. For those of you who are interested in the details, here are a few:
We encrypt all communications between devices and the server We check that we are communicating with an authorized server Each device in our system uses an encrypted bootloader. This means that, even if someone gets access to our firmware, it can't be reverse-engineered
But even if you aren't interested in these details, you can rest assured that Korner is thinking about them for you.