11.15.19 – SSI – Jon Williamson
Home controls and connected devices bring convenience, but also vulnerabilities. As a security systems dealer, learn how to fulfill your obligation to ensure customers are protected.
How smart can a smart home get? Today, security professionals are pushing boundaries to provide innovative solutions that we could only have dreamed of 25 years ago.
While home automation has become a convenient normality in residences across the world, its scope has extended far beyond simply turning lights off and changing the temperature with one’s voice … and hackers are noticing.
Automation improves daily lifestyle, but also provides a security solution accessible from anywhere. Where there is convenience for end users, there is also convenience for hackers.
By using devices that connect to the Internet, there are inherent security risks. It is the job of the security dealer and systems integrator to be sure their clients are protected.
Let’s investigate some simple steps to help deliver on that responsibility.
Cyber-attacks are expected to increase, especially as home automation technology continues to evolve and becomes more readily available at a reasonable price. Hackers do not care about someone’s business, livelihood or peace of mind.
It’s critical that security dealers and systems integrators ensure that home automation systems can exist in a way that will not pose a cybersecurity threat. Homes should be a safe haven, and it is the integrator’s job to keep it that way.
Still, this increase in home automation attacks is forcing security professionals to ask themselves: Why home systems now? Automation is nothing new, but using it as a tool to gain access to more sensitive systems is.
Wireless doorbells, keyless entry, digital thermostats and lighting systems are a few of the ways hackers are gaining access to homes today.
Because the systems in a home automation setting are controllable via Bluetooth or Internet connection, it opens the door for hackers to use a seemingly innocent device, such as a wireless doorbell, as a point of entry.
This allows them to then gain access into something of higher importance, such as a computer. From there, hackers can gain access to a users’ most private information, including banking information, passwords or lock/unlock schedules.
Homes equipped with automation are being targeted because they have multiple devices that connect to the Internet and, as we know, an Internet connection means cyber vulnerabilities.
The more devices a user has, the more vulnerable they are to cyber-attacks. Once a hacker gains entrance to a home system, users fall vulnerable to cyber physical attacks.
Cyber physical attacks occur when hackers are able to intrude over the wire/Internet and enable an action such as disabling security systems and then physically enter homes to steal or hack information directly rather than remotely. Home automation opens the door to new threats both literally and figuratively.
Basic Cybersecurity Steps
When it comes to designing a system, there are three key points to keep in mind to ensure the highest levels of security are upheld.
1. Multifactor Authentication
Multifactor authentication protects data while simultaneously assuring that the homeowner is indeed the homeowner. Hackers can guess passwords but the odds of them breaching multiple levels of authentication are slim. The more factors set in place create the reduced risk of an intruder gaining access to a private system.
It is best to combat attacks before they happen, rather than wait for a system to be compromised. As the saying goes, it is not a matter of “if ” a user will fall victim to a cyber-attack, but rather when. Multiple layers of security are a good practice to deter potential hackers.
2. Encrypt the System
This probably seems obvious, but is the first line of defense against potential threats. It is one of the best methods of safeguarding privacy. This is especially important when protecting people’s homes.
We live in a world of constant connectivity — whether through phone calls, emails, online purchases or social media. Actions that seem innocent, such as setting up a recurring delivery for pet food, can actually pose some big threats.
Homeowners believe once a system is set up, they are good to go. With the right integrator, only after security measures have been implemented, this is the case. Without encryption in place hackers can easily intercept online logins, banking information, and can discover schedule patterns for when doors are locked and unlocked, such as when people are home.
Gone are the days when passwords were enough to secure your life from intruders. Integrators need to encrypt everything to be sure cyber integrity is upheld.
3. System Updates
If the system is not regularly updated with patches, then over time hackers will find new ways to infiltrate it. Just as humans need a new flu shot every year to protect against changing virus strains, security systems require the same level of routine maintenance.
The industry is constantly evolving for the better. However, as fast as new technologies evolve, so do new hacking methods.
Integrators should always think ahead and anticipate what might be a vulnerability in any system. While a low-cost device, such as a motion sensor outside the home, will save the user money, it can also enable some activity that could ultimately raise a risk for the homeowner.
In some instances, this can force both the integrator and the user to compromise. If you cannot trust the connectivity of a particular device that is costly, you may opt to use a less-modern solution, such as wires, that use technology that is not accessible from the Internet. It is important to not just look for the cheapest solution, but to implement the one that will not raise the risk level for end users.
Vendor Choice Is Key
Now that you have an idea of the base-line functionalities you want your system to have, it is time to select a vendor. Integrators can utilize best practice solutions, but it is just as important for the vendor to complete its due diligence when it comes to protecting customers.
Homeowners who choose to implement home automation solutions do so with the understanding that it is easy, streamlined and risk-free.
Most people are not cybersecurity experts and, in turn, expect whoever they’re contracting with to provide top-of-the-line service and recommendations.
The challenge for dealers and integrators in this scenario is not in implementing best practices, but rather in choosing cameras and solutions that will ensure maintenance of the cybersecurity.
As in any market, manufacturers compete to provide the latest and greatest solutions, but often the race to be first leads to long-term issues. There is great pressure to make cutting-edge solutions available. This idealized manufacturing timeline typically results in products that are not completely vetted.
While some companies go about deployment in a mature way, by designing cameras with cybersecurity in mind from initial development, others position cyber as a second thought compared to functionality.
Integrators are advocates for their customers and should recognize that the latest solutions are not always the greatest.
By making sure the product has built-in security protocols, it alleviates the need to take additional steps and saves both the integrator and user time and money in the long run.
Homeowners are bringing experts in to simplify the process as much as possible; what simpler way than choosing products with out-of-the-box capabilities? Functionality, cost and security should be the three determining factors when creating a solution.
Propagating Best Practices
When it comes to cybersecurity, the industry has been vocal about its commitment to best practices and education as it relates to video surveillance and access control solutions.
Integrators have become increasingly proactive to ensure they are delivering the best solutions possible, while simultaneously providing the highest level of security.
Home automation is gaining much attention from hackers and, in turn, dealers and integrators must invest their time and efforts equally.
Jon Williamson is Director of Cyber Solutions for Building Technologies & Solutions, Johnson Controls.