Is My Smart Home Telling People What I Do Every Day?
2017 will forever be known as the year that the smart home started to take off. Researchers estimate that Amazon has sold over 15 million Echo devices to date. Plus, Google has sold another 5 million Google Homes. The overall smart home market is expected to grow to over $50 billion by 2022. Already 1 in 4 U.S. households has some kind of smart device in their home. With all the smart thermostats, smart fridges, smart light bulbs, smart doors and windows, personal assistants, and smart home surveillance, internet-connected home devices are rapidly stacking up in U.S. households. These devices are adding convenience and efficiency, but are they safe?
In this realm it seems that the technology has gone quickly beyond our ability to secure it. At this year’s DefCon, a security-focused industry event, 16 Bluetooth-based smart door locks were tested and 75% were easily hacked in real time during a presentation at the event. Fast forward to the near future where many devices within the home are connected and two very real problems arise. 1) Criminals taking over smart home technology to break in to my house and 2) Criminals using smart home technology to profile my daily behaviors and routines for future nefarious use.
Enter the service provider, where 75% of connected home services are sold and managed. U.S. service providers have stepped into this burgeoning market and begun to re-tool their sales forces and technological capabilities to help consumers set up these complex systems. The U.S. leads this market in smart home penetration, followed by Japan, Germany, China and U.K. Service providers understand that scaling and automating these home networks is key to providing the true value that they represent to consumers. Instead of integrated vendor islands of thermostats, locks and home surveillance cameras, service providers have the capabilities and the capital to create a more complete and seamless experience for the consumer where all devices can work together and are accessed through the same consumer portal for a “single pane of glass” experience.
But how to secure it? Service providers need to make the additional investments to protect the control plane of these devices to prevent bad actors from controlling locks and windows. Just as service providers have seen in their core businesses, failure to do so can result in application attacks which at best reduce the performance of the network and at worst can result in outages and debilitated service for the consumers. Add that to that the fact that criminals have a new data source to mine for daily patterns of the consumer that service providers need to protect. Without additional protection on the application data itself, criminals could gather valuable information about your daily habits in the home. What time do you get up in the morning? When do you leave for work? When do you get home? What time do the kids watch TV after school? When are you typically in the shower? What time do you eat? When do you typically go to bed? You get the idea. Service providers are well positioned to protect the consumer and offer the value of smart home services without the risks. U.S. service providers need to act first to capitalize on this opportunity, but the service providers in developed Europe and Asia need to be right behind and prepare for the consumers in their markets. Radware has tools available, like an online calculator, to demonstrate the ROI for service providers to become managed security service providers. It’s time to prepare before bad actors know when I shower every day.