Americans have shown they’re more than ready for smart homes. Unfortunately, hackers have as well.
As the smart home market’s world leader, the U.S. is also home to an alarming number of horror stories: From baby monitors to “smart” locks to lightbulbs, insecure devices have compromised millions of connected homes.
The truth, frankly, is that connected device security hasn’t kept up with the pace of product development. In 2018, attacks on IoT devices grew by 203 percent, jumping by 73 percent in the third quarter alone. A user with an IoT device has less than five minutes from the install point to change the factory-set username and password. She has mere hours to patch known security flaws.
To be fair, many device manufacturers do prioritize security. The trouble is twofold: Hackers are getting more sophisticated, and access points have exploded. Until recently, the typical home had just a few digital points of entry. Smart homes, on the other hand, have dozens. All it takes is one weak link to give a bad actor his “in.”
Prevention Is Key
Once an IoT product is compromised, the damage is done from the market’s perspective. Media outlets report the breach, hurting the IoT firm’s image. Buyers wonder whether their own device is involved, killing the user experience. Undecided shoppers look to other products or swear off smart home technologies entirely.
In our 24/7 media age, preventing attacks is critical. Although traditional cybersecurity applications use behavioral analysis to prevent attacks, IoT security specialist ZitoVault patented a new way to predict cybersecurity threats. Many approaches use predetermined data points to flag anomalies. In contrast, ZitoVault’s model takes into account everything from social media data to search history and email activity.
In the world of IoT security, working backward is a smart strategy. By watching for signals a human investigator would use to analyze an attack after the fact, device providers can spot signs that one is imminent.
Protecting the Network
The challenge with IoT devices, of course, is that they’re part of a network. If an attacker gets a foothold, IoT architectures tend to make it easy for them to penetrate other connected devices.
Until recently, IoT companies’ answer to that problem was essentially to throw more behavioral analysis at it. But there’s nothing unusual about IoT devices exchanging data — it’s quite literally the point of connecting them.
Although it uses behavioral signs to prevent attacks, smart home services company Plume may have found a solution to the network sharing problem: device quarantine. To prevent malware from spreading, Plume can push a compromised device into an “internet-only” local-area network. The quarantined device retains internet access, but it can’t communicate with other devices on the user’s network until given permission. This gives the homeowner valuable time to address the issue with the impacted device.
Seeing Is Believing
Even if individual devices and the broader network are secure, consumers can’t see all the checks and authorizations happening in the background. The problem with that is that, at least as far as the market is concerned, perception is reality. If looks like it can’t be trusted, it likely won’t be.
Plume and most antivirus software providers display a graph of security protection events, but few or no smart home hub devices include such a visualizer. In the age of the smart home, the user needs a top-down view of his home’s security. Monitoring individual devices may work with one or two, but it’s impractical for homeowners with even half a dozen such devices.
From free VPN software to stronger cloud services, businesses have demanded better. American homeowners have shown a healthy appetite for smart devices, but they may change their minds if manufacturers can’t deliver and demonstrate security. In a time when any device that can be attacked will be, nothing less will do.