The more control we give over to network connected devices, the more threats we face. This sounds scary, but it’s the truth. Now we’re not telling you to rush off and disconnect everything from your home network, but with digital innovation comes a higher risk of information leaking, or someone gaining control of something they shouldn’t be able to. This is just one way that the security industry has had to evolve so the public’s information can remain secure. The more everyday items become part of the Internet of Things (IoT), the more the security industry must marry up concepts from both the cyber and physical sectors of security.
In recent years, we’ve seen a substantial increase in items that can be classified as belonging to the IoT. Smart thermostats, smart locks, security cameras, doorbells, and even blinds can be equipped with network capabilities to make our lives more convenient. Who wouldn’t love waking up in a home that knows when you’re in a room, making it warmer and brighter, or never leaving the house again having forgotten to turn the lights off. What was once the vision of a luxurious future has become commonplace thanks to the widespread availability of network connectivity. However, a network connection inherently provides a backdoor for someone to gain access to your personal data. There’s no way to hack a traditional deadbolt lock (outside of a lockpick that is), but a lock that you connect to your home network, allowing you to lock and unlock your door wherever you’re connected to the internet is susceptible to another form of forced entry. The wrong person could potentially gain the information you’ve used to register an account with said lock’s manufacturer, or in an extreme scenario gain physical access to your property.
This is a perfect example of where physical security and cybersecurity must work together to keep you safe. In the instance of a forced entry, many smart locks will send a notification to a connected device that someone is attempting to gain access to your property. Additionally, most smart lock providers work to ensure your data is kept safe, and that no one who shouldn’t be able to access your information can.
A smart lock is, of course, just one example of a relatively new form of security challenges we face. On a larger scale, the Security Industry Association wrote in The 2018 Vision for the Security Industry that “In October 2017, the U.S. Computer Emergency Readiness Team warned users to update their devices to protect against a newly discovered vulnerability that affects nearly every modern, protected Wi-Fi network.” This vulnerability would allow attackers to use a KRACK, or Key Reinstallation Attack to gain access to emails, chat histories, credit card numbers and more. We also saw the Equifax consumer credit reporting agency fall victim to an attack, compromising an estimated 143 million customers. “With the ongoing trend to greater integration between sensors and devices with the IoT and other automations, the physical security industry is on high alert.” (Security Industry Association, The 2018 Vision for the Security Industry). Manufacturers are facing a much more hostile environment than ever before but cutting-edge methods are being employed to keep you fully covered. Underwriters Laboratories (UL) has rolled out a new Cybersecurity Assurance Program (UL CAP) which utilizes testable cybersecurity criteria for network-connected product to assess vulnerabilities. This is one way the industry is minimizing risk, exploitation, address known malware, and review security controls.
So what can you do to keep yourself safe?
Many of us already know the best practices for keeping ourselves safe in this digital landscape, but in the interest of convenience, will often opt for a less secure route. It’s important to use unique access credentials for various accounts. If the username and password combination is the same for your smart lock app as it is for your email account, as it is for your online banking profile, well…you get the idea. Updating your passwords regularly is helpful too. Refrain from willingly giving out your information online as well. Recently, an online quiz was distributed over Facebook surrounding the excitement of the royal wedding. This quiz would generate your ‘royal’ name based on: one of your grandparents’ names, the name of your first pet, and the name of the street you grew up on. Sound familiar? These are fairly standard security questions used to recover forgotten passwords online. We’re not saying that the person who wrote this quiz had malicious intent, but with that information out there, a third party could certainly log the data to mine for account access down the road. The best practice for staying safe online is to not share this type of information willingly online.
Once again, we’re not suggesting that you completely cut yourself off from your network connected devices. We use them too. As more previously analog devices move into the realm of ‘smart-devices’ it’s important for you to be smart as well. Between you being a conscientious user, and the security industry providing cybersecurity as a service to manufacturers, your information should be safe and sound and you can get back to asking Alexa if cats can eat pancakes. If she starts laughing unprovoked however, we may have a whole other issue on our hands…