For new smart-home gadgets, the spectre of insecurity looms - Action News
Home WebMail Friday, November 22, 2024, 04:12 PM | Calgary | -10.8°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
ScienceCBC AT CES

For new smart-home gadgets, the spectre of insecurity looms

In recent months, hackers have bent armies of internet-connected cameras, routers, and similar devices to their will to launch crippling cyberattacks putting the spotlight on makers of similar products at this year's CES.

At this year's CES in Vegas, some companies are keenly aware of recent threats facing products

Carrier unveiled a new line of internet-connected products for the home at CES 2017, the annual consumer electronics show in Las Vegas. (Matthew Braga/CBC News)

Amongst technology experts, it's often said that the internet of things is a security nightmare.

The term is commonly used to refer to the myriad connected devices that are increasingly making their way into in our homes from Wi-Fi-capable dishwashers to vacuum cleaners, light bulbsand more.

Within each product is basically a tiny, low-powered computer. But unlike a laptop or smartphone, many of these devices have been found to be notoriously insecure.

In the past few months alone, hackers infected thousands of vulnerable internet-connected cameras, routersand related devices, and used their combined power to launch crippling cyberattacks on popular internet websites.

Researchers, meanwhile, have found flaws in popular internet-connected light bulbs bugs that have since been patched and even suggesteda well-crafted viruscould spread from bulb to bulb.

The security of these devices, this is what's going to make the smart home happen or not.- RomainPaoli, head of product atNetatmo

And, of course, there is the ever-present fear that connected, smart-home devices especially ones capable of recording audio, video, and other personal information could be used to spy on their owners. (It certainly doesn't help that voice recordings from Amazon's personal assistant, Alexa, are being used in court as evidence for the first time.)

"The security of these devices, this is what's going to make the smart home happen or not," said Romain Paoli, head of product at Netatmo, a maker of connected home security cameras, thermostatsand smoke alarms."We're not happy to see competitors fail, because it hurts us too."

Addressing security issues

CBC News interviewed representatives forNetatmoand a handful of companies with connected smart-home devices earlier this week, at a preview event for the Consumer Electronics Show(CES 2017) in Las Vegas that officially opens today. All arekeenly aware of recent threats facing their competitors' productsand the industry at large.

Naturally, they all praised the security of their devices and frankly, it would be weird if they didn't but at the same time, admitted that no piece of technologycan ever be completely secure.
A Samsung refrigerator with Family Hub 2.0 was among smart-home products on display before CES International opened Wednesday in Las Vegas. Family Hub 2.0 features an interface on the refrigerator with apps that can be controlled by voice recognition. (John Locher/Associated Press)

"We're trying to sell this thing to every homeowner in America," saidBryan E. Mitchell, a public relations manager for air conditioner company Carrier, which also has a new line of connected smart-home products."So we have to go to the homeowner and say, 'Hey listen, we live in a vulnerable world, we're going to do all we can.'"

Carrier, alongside Netatmo,MoenandSomfy,say they'veenlistedthird-party companies to conduct regular audits of their hardware and software something that security experts typically considergood practice. This means reviewing codesfor bugs, and attempting to find vulnerabilities in devices much as an actual attacker would, ina process called penetration testing.

Each company also boasted of using end-to-end encryption to protect data travelling to and from their products, and the importance of having strong password requirements that are less likely to be easily cracked or guessed.

Mitchell went so far as to claim that Carrierrelies on "the same folks that are testing our systems to make sure the fighter jets and space suit technology is safe." (Carrier is owned by United Technologies, a manufacturer of aircraft engines and aerospace equipment for military applications commercial aerospace, defence and building industries.)

Step in the right direction?

Moen,more commonly known for kitchen and bathroom fixtures, unveiled a connected shower system that can be controlled from a phone. Though some of the software and intellectual property was developed in house, the companyturned to a third-party hardware companycalled Grid Connect to putit all together.

"This is Moen's first smart-home product, so we're not going to just jump in and do it ourselves with no experience. We want to make sure it's done well," said a spokesperson.

All of these efforts certainly sound like a step in the right direction for a product category that hasn't had the best security track record of late. But whether the industry as a whole is moving in this directionlikely won't be obvious for quite some time. A thermostat or dishwasher isn't something that gets replaced often,and even with software updates, insecure products already in the market will undoubtedly remain in use for years.

At the same time,the sheer number of connected devices coming online meansit may prove impossible to adequately secure them all.

And as with any technology claiming top-of-the line security practices,in the absence of an independent third party to verify such claims, you only have companies'word thatthey're telling the truth.

A good place to start:don'ttrust anyone that claims their products are 100 per centsecure.

"If they do," saidJean-SbastienPrunet, marketing director forSomfy, which introduceda new home security camera,"it's a lie."