The Smart Home brings technical solutions into people´s houses and apartments, equipped with lighting, heating and other electronic devices that can be controlled remotely by a smartphone or computer. These home automation technologies offer a variety of advantages, from increased flexibility, over maximized home security to increased energy efficiency. However, if smart homes are not adequately protected, hackers can take control of these connected devices and spy on private data. The IoThreats project is taking this flaw into consideration and explores solutions and strategies to avoid that the smart home is becoming a “haunted house”.
Heating systems and surveillance cameras that can be controlled by a smartphone, lamps that dim automatically, vacuum cleaners that do all the work by themselves: A smart home offers a lot of comfort and functionality to its residents. These interconnected technologies are more broadly known as the “Internet of Things” and are increasingly becoming an integral part of our households, making them more convenient, more safe and more intelligent. According to the market research company Gartner, the year 2017 has marked a milestone in the expansion of these technologies – for the first time, there will be more networked “things” than there are people on our planet. According to the International Data Corporation (IDC), the amount of IoT devices will even increase tenfold up to 80 Billion worldwide until 2025.
Security researchers, however, have demonstrated the risks and vulnerabilities of these devices. A multitude of devices lack proper security standards and can be easily hacked. In this way, all the networked devices can reveal when residents are regularly out of their home. Oftentimes, hackers do not even have to use elaborated techniques, as standard passwords are oftentimes so weak that they are easy to crack. The good news: If all devices are connected by cable and all data is processed on site, it is largely safe. This also applies to remote control as long as an encrypted direct connection (VPN) is used. The bad news: Smart home technology often runs on cloud computers on the Internet. This makes it easier for consumers to control their smart homes through an app and allows manufacturers to record usage habits and send updates to the devices. The integration of the widespread voice assistants from Amazon, Google, Microsoft or Apple (“Alexa, turn off the light in the living room”) is also not possible without the cloud.
The Project “IoThreats: Future challenges, technologies and requirements of smart homes in a security-relevant context” aims to identify and collect technologies and technical standards in the field of smart homes and smart environments with specific focus on the Austrian market. IoThreats is funded by the Austrian security research programme KIRAS, which supports research projects whose results will contribute to the security of all members of the society. The project will evaluate potential threats and attack scenarios in smart homes to validate them together with the Austrian Ministry of Interior. The main goals of the project are:
- Definition and categorization of the complex topic of the Internet of Things and presenting the state-of-the-art in a police context
- Identification of future police and forensic challenges and opportunities in the Internet of Things including legal regulations
- Structuring the gained knowledge for the prioritization by the ministry of the interior and its use after the duration of the project
- Formulation of recommendations for action for the future use and handling of the Internet of Things together with the ministry of interior
- Ensuring the sustainable use of the results by national and international users and raising public awareness
Over the course of two years, the research and development company SYNYO will coordinate the project and together with the project partners Johanneum Research, the Austrian Center for Law Enforcement Sciences (ALES) and the Federal Ministry of Internal Affairs (BMI) and will elaborate on the current state-of-the-art in the security-relevant context of smart homes. At the same time, the project is intended to address further international users, experts, as well as researchers and developers through effective communication and dissemination of the project results. The project not only aims to stimulate a scientific discussion but also to sensitize the public to smart devices and their potential security implications.
Project website: https://www.iothreats.at/
Smart Home, Threats, Hacking, Internet of Things, Cybercrime