The number of IoT-connected devices in 2019 was 7.74 billion. The forecasted figure for 2025 will (more than) double, reaching 16.44 billion devices. We are talking about a heavily used technology, coming in all shapes and sizes, with limited regulation and standards bound to it. Lack of security awareness by both end-users and manufacturers should raise alarm bells.
Smart home technology and appliances fall under the IoT category – currently one of the most vulnerable security landscapes. This is due to a lack of compliance. Security issues are loosely addressed, and IoT manufacturers are rushing to launch the next big thing by securing the bare minimum.
Smart home devices, although handy and convenient, pose both physical and informational threats if compromised. Since most devices are app-controlled, mobile app security practices should be applied as well. To raise awareness, ASEE reviewed some of the most alarming scenarios.
Smart home systems have a number of additional flaws, ranging from insecure passwords to non-existing update requirements. This allows hackers to easily bypass existing, loose security measures. Once a single device within a smart home is compromised, all others are just waiting for their turn. Why? The chances for all of the devices being connected to the same wi-fi are pretty high.
Let's take smart locks as an example. When compromised, an attacker is in control of who gets access in or out of the house. The most obvious case scenarios are letting the intruders in at a convenient time or locking the actual resident outside their home.
With smart speakers, hackers tend to get pretty creative and use them as a gateway for their next attack. Don't think about it as just harmless fun in the form of giving silly commands. By gaining access to a smart speaker, all of the prerecorded voice data can later serve for voice authentication.
There are cases when a specific individual from the household is the target. This is a sensitive topic when the targeted individual is a child. Today, smart toys are incredibly interactive and offer countless features that childer adore. But what happens when a toy turns out to be an espionage device hiding behind a doll's face? This is not an exaggerated example, as there was a recent security incident with the ''Cayla doll''; presumably recording and storing voiceprints of the entire household at all times.
Smart vacuum cleaners are notorious for being a handy medium for attackers who want to gain access to house blueprints. Also, by examining the patterns of when the vacuum was on and when did it charge, it is possible to assume when is the best time to break in.
Smart light bulbs are probably the last smart home device to take seriously when discussing security issues. However, recent events point in a different direction. Compromised home lighting is much more than the attacker playing day/night with you. Power outages caused by compromised smart light bulbs are able to cause issues in other smart home security areas such as surveillance cameras and smart locks. That's why you should never underestimate the underdog.
Having in mind that the vast majority of IoT devices come with a mobile application, demands additional security measures. Those measures include mobile application security software able to respond to threats in real-time.
App Protector is a piece of software providing detection and prevention of real-time attacks on a mobile app. Attacks and threats covered by ASEE's solution are hooking, debugging, screen recording, emulator fraud, and detection of whether the device is jailbroken/rooted. By integrating App Protector with your mobile application, you're making the security of your application and its users a priority.
To get more insight about App Protector, download the datasheet or contact our security experts – zero obligation. Our ASEE team will be happy to hear you out!