
IoThreats

IoThreats: Identifying risks and challenges in IoT-Security for Smart Homes
A core goal of IoThreats is to assess the international state of the art in the field of smart homes and smart environments, in order to define strategies and solutions for increased smart home security. First conclusions from the project give a concise overview of this new and highly innovative market, and point out why it is so important to invest more effort into smart home safety and security.
IoThreats is surveying the international state of the art in the area of smart homes and smart environments in order to prepare security authorities in advance for the dangers that arise from the increasing connectivity of technical devices in all areas of everyday life. The findings from a wide range of materials and recommendations should be applicable for security-related authorities well beyond the duration of the project.
The initial exploration and analysis of the current smart home market, as well as the inclusion of the results from the stakeholder surveys, are now finalized. Numerous national and international stakeholders, consisting of central experts in the field of law and technology, as well as stakeholders from the demand side, were interviewed in order to guarantee a comprehensive examination of the national IoT market.
IoT security as a new challenge in the market
With an annual growth rate of about 10%[1], security is both a major opportunity and a challenge in the IoT market. Semiconductor companies are therefore forced to develop solutions that strengthen IoT security. McKinsey’s 2017 research identified the biggest challenges to adopting secure IoT solutions, such as immature end-to-end solutions, a lack of security standards, difficulties in monetising security solutions, and the inability to realise the full potential of security solutions. As market demand is currently still predominantly driven by other aspects (design, usability, etc.), the European Union Agency for Cybersecurity (ENISA) proposes that policy makers define liabilities, which could often remedy this situation.
Compromised IoT & Smart Home components could, in many cases, have serious security and privacy implications (e.g. hacking of smart locks, thermostats, smoke or CO2 detectors). However, these may well also cause major financial damage, such as in the case of a WannaCry attack that specifically targeted the UK National Health Service. Due to the aftermath of the ransomware attack, 16 hospitals in the UK were closed. The inability to access medical records affected security, revenue (by obstructing essential functions) and data security.
Of course, for the affected company whose IoT devices were hacked, such an incident also brings a crucial loss of customer trust, an aspect that is difficult to quantify but can have severe consequences for the company’s success. In the case of national healthcare systems, however, there was no evidence that patient data had been compromised, although operations were severely impacted. Technical measures could cover much of this risk, but implementing them in manufacturers’ product development is often expensive, and there is no clear incentive that would naturally regulate vulnerable solutions.
Identifying future challenges for police and forensics
By taking a holistic view of the potentials and risks that smart environments and the Internet of Things hold for the police and their investigative activities, future forensic opportunities and challenges were identified and, in a further step, examined with regard to those potentials and risks.
In order to identify the challenges, an analysis of prototypical attack scenarios on intelligent smart home systems was carried out. Based on an international case collection in which around 60 international cases were documented, typical phenomena were categorised in a “Threat Taxonomy” in the first step. In the second step, the respective case category was subjected to a criminal law assessment. In doing so, the currently existing and applicable offences were and are briefly presented in general terms and then applied to the specific case.
After identifying typical fields of risk by analysing prototypical case constellations, potential prevention strategies will be formulated. In the course of such an analysis, which has been carried out or is still ongoing, those attacks are identified that can be easily recorded from the point of view of substantive criminal law and contrasted with those groups of cases in which a relevant need for protection has been recognised, but in which there are gaps in protection. In these cases, suitable mechanisms for remedial action are considered.
Links
Project website: https://www.iothreats.at/
Keywords
Smart Home, Threats, Hacking, Internet of Things, Cybercrime
[1] https://www.mordorintelligence.com/industry-reports/internet-of-things-moving-towards-a-smarter-tomorrow-market-industry