This is an excerpt from “Smart Homes and the Internet of Things”
View the full article here 

Security Challenges

All systems can fail; there is no system without flaw. Engineers know this and adapt their work to be resilient against known and likely accidents and adversaries. Homes— smart or otherwise—are no different. But environmental hazards from software and connectivity pose distinct challenges for smart homes. All software code has flaws and connectivity increases exposure of these flaws to more hazardous and potentially hostile interactions. A study by the Carnegie Melon Software Engineering Institute suggests that the lower limit for commercial software may be one to seven flaws per one thousand lines of software code. However, the lines of code in each device continue to increase, as do the number of devices that constitute the systems of a smart home. The aggregate lines of code across all of our smart home devices are approaching hundreds or thousands of exposed, exploitable flaws if they do have not already surpass those levels. At the point where this technology has the potential to impact human life and public safety, a higher level of care and attention is warranted.

Meeting the Security Challenges: Recommendations

IoT device makers can demonstrate to potential buyers their commitment to building trustworthy devices. These signals create a competitive advantage over products and brands that do not pay equal attention to safety and security. Integrating safety and security of the connected software components throughout the design and manufacturing phases aligns incentives, placing the cost where it can be most effective, and ensures a consistent customer experience that meets their expectations. The following list includes many ideas already in practice for integrating security in design, as well as new ideas discussed among IoT stakeholders and identified here for more discussion.

  • Security by design
    • A published commitment to integrating security throughout the development, manufacturing, and deployment life cycle. Key elements, such as adversarial threat modeling, resilience testing, and reduced elective complexity, lower costs and shorten the timeline of securing IoT devices.
  • Third party collaboration
    • A published policy accepting help from willing allies acting in good faith, such as customers and security researchers, who find and report flaws. Failure investigation Record and review evidence of failures to identify and address root causes, while preserving customer privacy.
  • Remote updates
    • A secure, prompt, and agile response to security or other flaws greatly reduces support costs, increases consistency of experience, and allows feature improvements over time.
  • Safe failure modes
    • Protections to ensure that failed or manipulated components do not put safety at risk. For instance, preventing the spread of failures, making failures evident, and failing in a way that does not harm safety or privacy.
  • Standalone Operation
    • Document which specific features and benefits will continue to work without Internet access and chronicle negative impacts from compromised devices or cloud-based systems. The most proactive companies may find it less expensive to buy back obsolete devices, rather than continue to support them.
  • Safe options and defaults
    • Give owners clear guidance on why and how to configure devices to their own particular preferences, and ensure that defaults are reasonably safe and secure.
  • Data protective measures
    • Describe the protection of customer data against unwanted modification, removal, or disclosure, including how to safely remove data upon resale, loss, or theft of the device (or home).
  • Informed consent for data use
    • Describe the ways in which customer data is used or will be used, as well as methods for consumers to opt out. This includes change in ownership of the company, or sharing information with third-parties. Other good practices are emerging and will continue to develop over time as the smart home market matures. These recommendations are meant to work alongside, not to replace, practices already in place in the traditional manufacturing of consumer electronic goods. All consumers—even non-technical ones—can use consumer protection remedies and market forces. The effect of consumers’ actions can shape the decisions manufacturers make when bringing IoT devices to market. However, their effects may take some time to manifest, as the design cycle can be months or years for new devices. Early adopters and those more comfortable with technology can employ more technical safeguards in the short term, such as changing default passwords, updating firmware, and reviewing security and privacy settings. Though buyers who tend to be less familiar with technology should not be inadvertently exposed to risk.