Securing The Modern Smart Home Is A Challenge
The news reports are scary and often blow the problem out of proportion. But there is no denying we have a security problem with this technology.
Did you ever wonder why Smart Home security seems to be so hard? Or just why it seems to be an unsolved problem?
We can finally send humans into space on US-built rockets again, but can’t secure our own homes?
“It depends upon what the meaning of the word ‘is’ is”
Just like a certain President from days gone by, security means different things to different people.
In our physical world, we accept security methods that are a balance between cost, convenience, and protection.
Is the entrance to your home or apartment secure? Virtually all of us have a lock on our door and feel safe to come and go as we please.
But is it really secure?
“Hacking” into most doors isn’t that hard.
A few minutes with Google and you can be watching how-to videos on lock picking.
You can spend a few dollars online and then a few days later, a set of lock picking tools can be shipped right to your door.
Possessing them and using them may be a crime, but that isn’t really necessary anyway.
A hard kick to most doors will easily bend or break the doorjamb providing easy access.
The ubiquitous brick thrown through the window is fast and easy and does a great job too.
Yet we continue to use the humble lock, invented in the early 1800s, to provide the security for our valuables.
Using the same technique as 100 years ago is not much of a solution for our smart homes.
No, I’m Not Nagging You To Choose A Secure Password
Nowadays, computer security for personal and home equipment starts and ends with passwords.
Tired yet of being nagged to choose a “complex password”? Told to stop using the same password everywhere? Admonished not to write it down on a sticky yellow note next to your screen?
That’s all good advice to follow, but I want to focus on network and device security – the next step after basic password hygiene.
Why Is Network Security Important?
The network in your home, wired and wireless, is the backbone of every smart home.
Every device in your home, from light dimmers to streaming music and media players to security cameras, sends and receives data using a network connection.
With a broadband modem and router, the network connects devices within our home and to the outside.
Securing this data highway makes sense.
It’s a high-value target for gaining access to the systems in the home to intercept data or take control.
Downsizing Corporate Network Security
A lot of home computing has evolved directly from mainstream or corporate computer technology.
I’m not surprised. Computer equipment used to be very expensive and could only be justified for business use where the advantages far outweighed the cost.
As technology improved, large mainframes gave way to minicomputers, then personal computers, then microcomputers and microcontrollers.
With costs as low as a few bucks, there are computers, in the form of nondescript microcontrollers, inside everything from coffee machines to washing machines, televisions, and of course smartphones and tablets.
The Obsolete, But Widely Used Firewall
Corporations developed a straightforward way to protect their multi-million dollar computers and networks of personal computers – isolation.
Using hardware and software devices called firewalls, corporate equipment inside the company is isolated from the outside world.
At first the software and hardware had no physical connection – no wires, no computer screens, no keyboards, no printers that had any connection outside the company.
As networks grew and companies became interconnected, physical isolation was replaced with logical isolation using advanced software.
Firewall devices act like a guard station or sentry inspecting everything going into the network or out of the network.
Home networks adopted the same approach, but on a smaller scale. All home routers have a basic firewall capability, and that does help, but it is not enough.
Why Firewalls Don’t Really Work Any More
Ever installed a smart home device and then been instructed to “open a hole in the firewall”, “create a port mapping”, or follow some similarly cryptic instruction to get it working?
All of those procedures are the equivalent of saying “just give me the key to the front door. Trust me, I won’t let the wrong people in”.
Firewalls don’t work because they are dumb. They either block or allow data to flow between your network and the outside world, but that’s about it.
I’m oversimplifying a bit, but the challenge is every device nowadays wants special treatment.
“Block everybody else, but you can trust me” doesn’t work when you have to leave the door open for everything and everyone.
Lock It Up
The easy solution to smart home security would be to lock down the firewall and simply not allow devices inside your home to communicate with the outside and vice versa.
Oops! That means no email, no web browsing, no Netflix, no multiplayer Xbox, no anything.
Yeah, everything we do nowadays is really from our devices in our home to the Internet.
Most of our smart home devices need to be connected to centralized cloud servers to operate properly.
Firmware updates, automated routines, cloud-based intelligent processing such as image recognition, alerts and notifications, and more are just a few of the features we use that require our smart home devices to have an Internet connection.
Turn on the air conditioning on a hot day while you drive home? Check on the person ringing your doorbell from your hotel room in another city?
Remote access to our smart home is one of the most useful capabilities we gain with home automation and that simply doesn’t work without Internet access.
There Are Solutions, But It Is Neither Easy Nor Cheap
While we wait for consumer-friendly, simple solutions, more advanced smart homes have once again adopted technology from the corporate world.
If you are willing to use more expensive and complicated tech, home networks can be secured much better.
Sophisticated and more powerful gateway systems (I hesitate to call them firewalls, to avoid confusion) control the entry and exit points.
Using dynamic rules that adjust to changing usage conditions, technology known as intrusion detection systems (IDS) identifies attempts to infiltrate the network from the outside in real time.
Companion intrusion prevention systems (IPS) kick in automatically to block the offending traffic.
Beyond IDS/IPS-enabled firewalls, network design uses advanced partitioning to isolate and separate the network into smaller groups of equipment and users.
This “divide and conquer” approach is akin to breaking a large home into smaller apartments and then setting strict rules on which rooms are off limits to anyone but the landlord and specific tenants.
These systems are implemented using virtual LANs (VLANs), intelligent network switches (Layer-3 switches), and enhanced security/routing instructions known as access control lists (ACLs).
As you might imagine, it gets expensive and complicated fast. These advanced home networks are currently found mostly in really large homes or estates managed.
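The “apartments with strict rules” idea above, sketched as an added example that is not part of the original article: a first-match access control list with a default deny between three hypothetical VLANs. The zone names, subnets and rules are assumptions made up for illustration, not any vendor's configuration syntax.

```python
import ipaddress

# Constructed home segments (assumed addressing, for illustration only).
VLANS = {
    "trusted": ipaddress.ip_network("192.168.10.0/24"),  # laptops, phones
    "iot": ipaddress.ip_network("192.168.20.0/24"),      # cameras, dimmers
    "guest": ipaddress.ip_network("192.168.30.0/24"),    # visitors' devices
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Ordered ACL, evaluated for NEW connections only; replies to an allowed
# connection are assumed to be passed by the gateway's connection tracking.
# (action, source zone, destination zone, protocol or None, port or None)
ACL = [
    ("allow", "trusted", "iot", "tcp", 443),    # 0: phone app talks to a device
    ("deny", "iot", "trusted", None, None),     # 1: a device never reaches a laptop
    ("allow", "iot", "internet", "tcp", 443),   # 2: cloud service, firmware updates
    ("allow", "iot", "internet", "udp", 123),   # 3: time sync
    ("allow", "trusted", "internet", None, None),  # 4
    ("allow", "guest", "internet", None, None),    # 5
]

def zone_of(addr):
    """Map an address to its VLAN, 'internet', or 'unassigned' (private, no VLAN)."""
    ip = ipaddress.ip_address(addr)
    for name, net in VLANS.items():
        if ip in net:
            return name
    if any(ip in net for net in RFC1918):
        return "unassigned"  # private address outside every VLAN: matches no rule
    return "internet"

def decide(src, dst, proto, port):
    """Return (action, index of matching rule); unmatched traffic is denied."""
    s, d = zone_of(src), zone_of(dst)
    for i, (action, rs, rd, rproto, rport) in enumerate(ACL):
        if (rs, rd) == (s, d) and rproto in (None, proto) and rport in (None, port):
            return action, i
    return "deny", None  # default deny: nothing is open unless a rule says so

if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("192.168.20.15", "192.168.10.5", "tcp", 445),   # camera -> laptop
        ("192.168.20.15", "203.0.113.10", "tcp", 443),   # camera -> cloud
        ("192.168.30.7", "192.168.20.15", "tcp", 80),    # guest -> camera
    ]
    for flow in flows:
        print(flow, "->", decide(*flow))
```

Because the list ends in a default deny, a compromised device on the IoT segment gets Internet access for its cloud service but has no path to the laptops or to guests' devices.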
There Is Hope
Security breaches have gotten a lot of media attention and that is a good thing. Manufacturers are starting to pay attention as consumers become more outraged.
More security products are being designed with a “set it and forget it” automated approach and large smart home device manufacturers such as Google, Amazon, and Apple have started incorporating more security into all their devices.
If security is important to you, implementing VLANs, network IDS/IPS firewalls, and advanced infrastructure may be too costly or complicated at this time, but you can take the following steps:
Use unique secure passwords (yeah, I do have to remind you)
Pay more and buy products only from well known, trustworthy companies
Turn off any features you are not using
Disable remote access unless you really need it
Update firmware and software on a regular basis
Stay informed so you know which companies/products can be trusted