Smart home technologies have introduced new issues for the security community. Convergence between home automation and IP technologies propagates security risks, in a field where impact might result in material damage and physical harm. In this vendor neutral article, security concerns are discussed and some mitigating suggestions are made, along with a case study.
Introduction: “Smart Homes”
Lately, almost every aspect of an electronic home’s or office’s environment has become more intelligent and integrated in its internal management of audio/video, heating, cooling, lighting, surveillance, and interfacing with motorized controls for shutters, curtains, and gates.
These “smart homes” are the result of collectively marrying hardware, software, and dedicated protocols to monitor and control a home’s total environment. The goal is to provide user-friendly control solutions throughout an entire house and thus achieve a new quality of life for the inhabitants through the intervention of modern technology.
Smart home technology has been using proprietary and open home automation solutions such as AMX, Crestron and EIB/Konnex for years. Now, they are integrating with traditional IP networks and services.
A typical smart home installation consists of a central master control which runs the main program and issues commands to auxiliary devices through infrared, serial, contact closures, and Ethernet type controls. Touch panels, keypads and remotes represent the user interface. The central controller usually has standard TCP/IP services such as telnet, SSH, FTP, and HTTP along with an administration interface provided.
Where Is the Danger?
Consider the possible consequences of a neighbor using your wireless network to browse the Internet, without your knowledge, and suddenly boiling water is triggered to fill your bathtub. What if your small child is awakened at night by frightening loud music, or erratic lighting. An embarrassing situation, with psychological impact, could arise when an adult porno television channel is suddenly switched on in a child’s room.
An even more sophisticated plan, initiated by artful thieves, to rob an entire house could be scheduled. Entry doors could be opened, and the security alarm system could be suppressed when the time was convenient for them to act.
In commercial buildings elevators could stall trapping riders between floors. Fire alarms and sprinkling system could be set off because of a compromised central processor with the obvious result of material damage.
The most important issue is the direct threat to health, like the example provided of boiling water in the bathtub. Traditionally, we think that being inside our home, we are in full control. This is an idea that was true for decades, but now, unfortunately, this belief is only partially true.
Smart home networks are also in control. They have equal electronic rights in monitoring the installed home equipment. This should not present a problem, that’s the main reason you bought and paid for it. The problem begins when a smart home system is connected with a home or corporate IP network which, in turn, is usually connected to the Internet.
I would not be mistaken to say that home LANs (Local Area Networks) have the worst security reputation. The lack of security awareness and the do-it-yourself approaches have resulted in the absence of proper network design and implementation. Unprotected home LANs with open wireless access points, default passwords and settings, have become a paradise for hackers.
Usually, smart home control boxes come with default settings that provide minimum protection. Further steps must be taken by a system integrator to increase the level of protection; such as changing default passwords and settings, disabling telnet service, setup HTTP over SSL, etc.
It is the responsibility of an integrator to perform the proper setup of the smart home system when IP interface is an integral part of the system. However, it is unreasonable to expect an integrator to have all the required skills of IT related security and convergence issues may soon arise.
The situation is getting worse. It has been noted that it has not been the practice of addressing security concerns in written integration contracts. This may be due to the involved costs that are associated with hiring IT professionals, mandating security training sessions, or because of ignorance of serious incidents, with dire consequences, which have established legal precedents.
As a result, relaxed home LAN security, and the lack of IT security awareness among integrators, is capable of creating a dangerous mix of conditions which may result in material damage and physical harm.
Potentiality of The Threat
A study conducted on Big Brother of smart home technologies â€“ SCADA (Supervisory Control And Data Acquisition) systems are being used to address utilities such as natural gas, water, and electric power systems. Results indicate that “there is a security problem and it may be more widespread than most engineers believe. For the 2001-2003 period, externally generated incidents accounted for 70% of all events, indicating a surprising and significant change in threat source” .
We expect a similar security trend with smart home technologies, as they are becoming more widespread and interconnected with the Internet. Smart home systems are simpler than SCADA, so less knowledge is required to gain control. In addition, there will be far more than SCADA, smart home installations available for attack attempts.
Due to the immediate visible effects, caused by a security breach, such as playing with lighting or lawn sprinkling systems, or the motor controls of gates, and shutters, etc., a smart home could quickly become an attractive target for tech savvy, hacking, youngsters.
Being a central control center, a smart home installation system in a large community, or a commercial building might be a tempting device for disgruntled employees, malicious outsiders, or a terrorist group.
The author of this article conducted a small experiment. He left the central controller with default settings on a network segment outside a firewall. By default, telnet was running with no authentication. In a few hours the box registered telnet connections from Brazil and the Czech Republic. It demonstrated that within a relative small time frame, control could be compromised over an existing smart home with an improper security setup.
Possible Attack Vectors
For a successful attack the IP interface of a smart home network should be an easy target. Unfortunately, in many cases it is due to predefined passwords and default system settings that are left unchanged.
Needless to say, a compromised machine inside a home or office LAN, may also launch an attack. Relying only on strong perimeter protection gives a false sense of security. It is critical to consider everything outside a smart home system as a hostile environment. So the IP interface must be set to a maximum level of security.
We would also like to specifically mention the importance of wireless security in relation to smart home technologies. Smart homes are beginning to use wireless 802.11x based devices, such as wireless touch panels.
At this time, to the best of author’s knowledge, the most advanced wireless security specifications, such as WPA2, or WPA (Wi-Fi Protected Access), are not being yet implemented for smart home devices. Only security weak WEP (Wired Equivalent Privacy) specification is used.
Residential or corporate installations are not high security areas. There will always be radio frequency leakage from access points to the outside. Considering this, wireless might be just another very likely attack vector.
First of all, it’s most important to review and setup the IP interface of a smart home system to the maximum available security level that is suggested and provided by the manufacturer.
Change all predefined passwords, and disable all unnecessary and proven weak security services. For example, you may consider using SSH instead of telnet, or disabling telnet entirely. If available, setup HTTP over SSL for a web server. HTTP usually uses basic authentication, where credentials passed over by networks use plain text. Do not use any easy, guessable passwords. If possible, regularly perform log audits for any suspicious entries.
The first phase when planning the installation is finding a trade-off between possible impacts and costs associated with network design and equipment. You may try to outline a few scenarios when the smart system is compromised and consider possible impacts that may arise. Although complicated, this should be an important concern.
There have been many articles written concerning the best home networking security practices. The only important note is that a dedicated VLAN (virtual LAN) with a strict firewalling would be almost ideal, as it rules on incoming traffic for the smart home network segment.
Regarding wireless security, MAC (Media Access Control) filtering may be a beneficial addition to WEP. TEMPEST, a kind of protection used to avoid wireless signal leakage, is impractical and costly in our case, though wireless antenna types and location can be considered.
Also recommended is a binding security contract with a smart home integration. The contract should state what activities and responsibilities are expected from the integrator. Locating a competent legal adviser, for preparing such a binding document, is highly recommended.
Case Study â€“ Residential Installation
As a case study, we would like to consider a residential installation containing more than a 6,000 square feet of living space, including sophisticated entertainment and an office environment. A smart home system controls centralized audio/video distribution, lighting, watering, HVAC, door locks, windows, surveillance, motorized controls for such devices as gates, lifts, shutters, etc.
A smart home system runs on maximum onboard security mode using HTTPS and SSH. All unnecessary services are disabled. Internal communications are encrypted with ARC4. The network segment it is a part of a very comprehensive and highly secured network based on IEEE 802.1x standard multiple VLANs.
A dedicated VLAN is assigned to the smart home with strict ingress and egress filtering. The wireless part of a smart home network is under WEP (maximum available specification at the moment) with MAC address filtering enabled.
Though comparative costly, the installation shows approaches in mitigation and it addresses the risks associated with convergence between smart home and IP technologies.
More and more aspects of the home environment are becoming controllable by smart home technologies. This process is inevitable as it introduces a simpler and better quality of life.
Convergence between smart home and traditional IP technologies propagates security risks, in the field where impact might result in material damage and physical harm. Relaxed home LAN security and the lack of IT security awareness among integrators, is capable of creating a dangerous mix of conditions that may result in the realization of a threat.
Understanding IT related security threats and important countermeasures among system integrators is essential in preventing harm. Smart home system owners are advised to request a level of service in which security issues are all adequately addressed.
1. “The Myths and Facts behind Cyber Security Risks for Industrial Control Systems,” by Eric Byres, P. Eng. and Justin Lowe. http://www.tswg.gov/tswg/ip/The_Myths_and_Facts_behind_Cyber_Security_Risks.pdf