I love technology. I love how it can help make your life better, easier to manage, and some of it is just so cool. Over the last couple of years we’ve seen a trend toward the Internet of Things, or IoT. IoT is a pretty broad title that covers everything from small industrial sensors at power plants to home automation systems in your house, even connected cars. It’s possible that you might even have IoT devices in your house and not even know it.
In my house, I have a Wink home automation hub. It’s a great little first generation hub for controlling a wide range of devices. The technology isn’t bad, and it helps bring together most of the different types of wireless technologies that have been developed for home automation. With this device, you can add all kinds of connected things to your house, to make life simpler, safer, and in many ways, fun.
For example, I have an electronic lock, wireless light switches, a Nest thermostat and camera, and even a connected doorbell. All of these are attached to my Wink Hub, and I can control all of these devices from my smartphone, get alerts and set up timed events. When someone enters the code on my electronic lock on my front door, it will automatically turn on the lights in the foyer and living room, a handy feature, so you don’t have to fumble for the lightswitch. Additionally, when my daughter uses her code to enter the front door, the Nest camera takes a snapshot and emails it to me. All of these things are made possible by the Wink Hub.
However, I am also a digital security expert, so I know that while I love the convenience of these devices, the sad truth is while my life might get simpler in many ways, it is also opening me and my family to some potentially serious dangers.
You see, these technologies were designed from the position of user convenience, not user security. Therein lies the problem. All of these devices are inherently unsafe, with poorly designed security. The most obvious is that my entire home security network is trusted on my smartphone. Once I am logged into the Wink App on my phone, it stays logged in, indefinitely. I mean, it would be less convenient if I had to log into Wink each time I wanted to turn on a light or open my front door lock, I get that. But at the same time, if I lose my phone, anyone who finds it can turn on my lights, turn off my heat, open my front door, shut off my cameras, etc.
There are a number of more complex attacks hackers can perform to gain access to your home network, but all of them require the attack to be at or very near to your house and have access to your Wi-Fi network, which some of these devices use to communicate. Those complexities are a topic for another article. For now, let’s just focus on the obvious. In this example, your smartphone has become the key to your house, your life, and even your car, and it is also insecure.
What About Authentication?
There is, however, a silver lining – biometrics. Technologies exist, and are being deployed today, that allow your phone to more accurately, and securely, identify you before performing some action. This means, if someone gets your phone and tries to steal your money or unlock your house, they can’t, because they aren’t you.
This is the answer to IoT’s security problem. It is both convenient and fast, and doesn’t require much action from the user. Additionally, you can’t lose your biometrics, like a password or a key. So be aware of the issues, and realize that a solution exists. We need to be educated regarding cybersecurity risks, whether it’s a corporate access solution or a home automation system, so that companies making these devices implement better security for the coming IoT revolution.