Having a smart home is all well and good until you become a victim of data leakage. 

This is not a discouragement against IoT implementation into your home, however. The Internet of Things market has been on the rise, and thanks to that, even our homes have become smarter. We don’t have to worry about doing our laundry, or making coffee manually anymore. With just a command we can do these things without having to move away from that comfy couch. 

But over the last couple of years, some incidents have shown that the matter of smart homes might not be all it’s hyped up to be. Just like everything, IoT implementation in smart homes has a bright and a dark side, but it seems the dark side is more sinister than the bright one. 

Incident one:

The combined research conducted by Northeastern University and Imperial College of London has shown how consumer devices are not to be trusted when dealing with client data. The researchers conducted 34,586 controlled experiments on 81 different IoT devices, 46 of which are from the US and 35 are from the UK, and this is what they found out-

• 72 out of these 81 devices are connecting to services that are not the first party. Which means they are connecting domains and addresses that have no business connecting to the device. 
• The research showed that 56% of the US devices and 83.8% of the UK devices were connecting to domains that were not in their region. 
• The safety of the data on an online connection depends on the level of encryption, but here’s the kicker- according to the research, all the tested devices have at least one plain-text flow, which means at least one data flow from all the devices is non-encrypted. Not to mention, any cyber-evesdroppers can analyze device traffic, encrypted or not, and figure out the user and device behavior. 

But in any case, this is just research. What happens when a smart home management platform leaves a server with important user data exposed on the internet without any password or protection?

Incident Two:

Around mid-June, the security team at vpnMentor, lead by security researchers Noam Rotem and Ran Locar, spotted a completely exposed server containing the customer details of 2 million users, including their usernames, passwords, and password reset codes. 

The server in question belongs to a Chinese smart home management platform Orvibo. Their smart home management Smartmate helps users control every aspect of their smart home, from security to closing the curtains. 

Not only a smart-home management system, but Orvibo also deals in self-manufactured smart home products such as smart light bulbs, HVAC systems, home entertainment systems, security cameras, smart power plugs, and many more. 

The open server containing user information poses a huge threat to everyone who’s data has been exposed. Since the data breach being exposed, Orvibo has taken steps to secure the server. Even then, the data breach can have serious repercussions for the users. What are these repercussions though? Let’s find out what can happen to your data if it is leaked by your smart home device. 

What will happen if your data is breached?

When hearing about IoT and data breach, the user can have two kinds of reactions.

One group would panic, and probably stop using all kinds of smart devices. 

Another group would ask so what if their data is being breached? And this point is to answer the question for the latter group. 

There is a reason why smart home security is something to be concerned about. The personal and sensitive data, the users enter in order to run the devices, can be manipulated in various ways, and each one would only harm the users. 

So what are the ways hackers can manipulate the IoT devices and data that make your home smart?

1. Manipulating The Devices

The first thing you might do after getting a smart device for your home is to configure its username and password. 

However, this is not a widespread practice. Most people often end up using the same default username and password the device came with, which means that it’s going to be super easy for the hackers to get your data and gain access to your device. And from there on, it’s an open sandbox for them to play with. They can do whatever they want with your device, but there’s one guarantee- whatever they do is not going to do you any good. 

2. Holding Your Data And Device For Ransom

The ransomware attack is the most familiar in the IoT industry. Through this, what the hacker usually does is that they would gain access to an IoT device, and cut off the legitimate user’s access. Then they would ask for a ransom for restoring the user’s access to that device. 

While this may not seem to be as dangerous, it is a serious threat. Once the hackers have gained access to your data, they can use it for many malicious ends, things you don’t even have any idea about. And not to mention, there is no guarantee that they would give you back the access to your data once you pay them. And that’s why implementing some serious security protocols in place is needed to prevent your device and data from ransomware attacks. 

3. Doing Serious Damage To Your Home

This one might seem a little petty, but here we go anyways. 

Imagine having a smart thermostat, which you can control using online access. Now imagine going out on a vacation with your family, making sure that everything around the house is shut down, even the thermostat. However, when you get back, you see that the thermostat turned up to its highest setting on its own, melting every plastic thing in your house. 

But did it happen on its own? How are you going to find out whether it just happened or someone purposefully hacked into your smart home system and used the thermostat to seriously damage your home? Stealing the authorization details, hackers can do this for multiple reasons, ranging from personal vendetta to trivial entertainment because they were bored. Either way, it is your home that will be damaged. 

4. Actively Robbing Your Home

When details such as passwords and user IDs, along with device IDs are being sent to an unknown third-party domain without any encryption, the data can be used in many ways, and one of them can be to rob your home. 

Think about how a hacker-robber group can hack into the security system of your home, disable it and then walk into your home to steal everything from you. This is a bold use of smart home data breaches, and it can be quite fatal in case someone is home when they decided to hit the house. In this case, the loss of data security can result in serious loss of physical property as well. 

5. Launching A Botnet Attack

Last but not least, gaining access to your IoT smart home devices, the hackers can turn these devices into zombie devices and launch a botnet attack. A botnet is a number of internet-connected devices. Each of these devices is running one or more bots, which can be used to perform distributed denial-of-service attacks. 

Through this, the hackers can also steal important data, send spam emails, getting the attacker access to the device, this is not only going to create a problem for you but others as well. 

With a DDoS attack, the botnets can connect to a website, generating so much traffic that the website crashes, leaving them vulnerable for many data exploitations. Using your IoT device, the hackers can launch a similar botnet attack to that of the Mirai Botnet attack of 2016. The Mirai botnet attack brought down a french host OVH. and that’s how your smart home devices can be turned into a weapon to bring down popular websites around the world. 

What Is Going To Be The Solutions?

Every problem has a solution, and so does this one. 

There have been plenty of solutions suggested for the data security of IoT devices. But so far only two of these solutions stand out. One is the use of machine learning, another being Blockchain. 

The Machine Learning Solution For Smart Homes

Rather than looking for a security solution for each device, AI and machine learning can create a shield of security for all the IoT devices for your home network. Deep learning and machine learning can not only monitor each and every device connected to the network, but they can also detect and prevent any unwanted and unknown device trying to connect with the home network. 

The use of AI comes in handy when analyzing the network traffic. This way the AI can keep up with the general traffic flow of each of the devices and detect any anomalies in the normal flow of traffic. Which means fewer chances of any hackers getting inside your home network. You can check out these top 10 highly performing smart home apps making it big.

Along with these benefits, the use of Machine learning and deep learning can also detect botnet activity, manage device authentication and access management. This way they can manage to give your smart home network 360-degree security without worrying you. 

The Blockchain Solution To All Things Smart-homes

The main problem with the smart home network is the centralization of data, which could be easily hacked into. And that’s why Blockchain can provide a decentralized solution to this problem. 

Once the smart home IoT systems start utilizing the blockchain system for data communication, the security will increase tenfold, because it is close to impossible to hack into a blockchain network and change the data. To do so, the hacker would have to have control of 51% of the devices connected, and when the number of connected devices spans millions, it can be a little tough. 

Not to mention, blockchain in IoT will end the trend of data monopolization. Your data won’t be a subject of daily business deals with large conglomerates. Blockchain can bring affordability and security for smart homes that people have been asking for a long time.

Conclusion 

So does it mean you should not be using smart home technology?

The answer is no, absolutely not. It is undeniable that smart home technology has its own benefits and you should be able to take advantage of that. But only after you have made sure of your data security. Once you have made sure that all the devices you are using are secure. You can make use of IoT devices for your home as much as you want. Always remember that the security measures for your home IoT devices are not a matter of joke.

This is my first post on IoT Central.  Looking forward to hearing more about IoT from the members.  

I am curious to see what people think of the MKR Labs report on how hackers can turn your Amazon Echo into a listening device.  According to the report, tt seems one of Amazon's most popular and new products is vulnerable to "a physical attack that allows an attacker to gain a root shell on the underlying Linux operating system and install malware without leaving physical evidence of tampering."  This type of malware can give hackers remote access to your Echo.  It will also give them the ability to grab customer authentication tokens and the ability to stream live microphone audio to any other remote services without altering the functionality of the device.  

Today, GearBrain did a post on this news.  I am curious to see what others think about this type of hacking and how big of an issue you think this is to Amazon and other manufacturers of voice controlled digital assistants like Echo.  

Home Automation DIY Case Study

The following is from a Mind Commerce interview with residential owner/installer/operator: 

“ I got into the home automation craze by accident when one of my managers described what he was doing.  After looking at it, the added convenience, security, and cost savings made me a believer.  The overall category of devices that I use are the Internet of Things (IoT). ”

“ My setup is as follows:

• I have an Amazon Echo that allows me to issue voice commands to the majority of my IoT devices.  It also will play music from my Amazon Prime account and allow me to order merchandise (all voice of course).  It additionally allows me to keep a TODO and shopping list that is synchronized to my Alexa app on my iPhone.  As I think of items, I just tell Alexa (the name for the Echo), and she will add the items to the list.  I use this all the time.  You can also set timers and alarms vocally, which is another well-used feature.  There's tons more.  The Echo talks WiFi.
• I use a Wink Hub to interface the Echo to devices that don't directly talk over WiFi, or that the Echo doesn't directly support.  The Wink Hub talks Z-Wave, Zigbee, WiFi, and Lutron's proprietary communications (dimmers).  The Wink Hub also has a nice APP that lets me control everything directly from my cellphone if I want.
• I use Luton dimmers that allow me to turn on, turn off, or set the dimming level for my most commonly used lights.  The echo supports this so I can say "Alexa set living room lights to XX%" and it happens.
• I have a Rain Machine which is a connected sprinkler controller.  I can turn on stations from the Echo, but I don't.  What it allows me to do is to set the watering parameters and then it connects to NOAA and it will modify my preferences based on how much rain has fallen.  Money saver.  It has a great APP and will tell me how much each station actually watered per week.  A real money saver in Florida.
• The Ecobee 3 thermostat was an expensive but awesome IoT purchase that also saved me a lot of money this past winter.  It is very smart and connects to the Echo directly (WiFi).  I can tell Alexa to raise or lower the temperature by voice.  Setup couldn't be any simpler, and the APP is awesome.  Conventional wisdom in the winter is to lower your temperature at night and then have it increase before you wake to save money.  Wrong!  The Ecobee tracks when your fan and compressor run (view on the website).  I found out that turning the temperature down by 4 degrees overnight was causing my heat strips (expensive) to turn on for a couple of hours around 5AM to bring the temperature back up.  I was much better off just leaving it one degree less all the time.
• For my garage door controller, I bought an IoT box that allows me to view the status of the garage door and to remotely open or close the door by using the Wink APP.  Really nice when I can't remember if I closed the door, or left it open.  This doesn't work with the Echo by design (having a crook yell into your house "Alexa open the garage door" wouldn't be a good thing).
• Nest Cam is an awesome security device.  When I'm on travel I can view what's going on in the house and even hear what's going on.  It's got 1080p resolution and night IR capability (see at night with the lights off).  I can even talk to my cat through it.  I pay for the cloud recording service, so when it's on, a month of recording is held on the cloud, which would be useful if the house is ever robbed.  The problem is I don't want it recording while I'm home.  That is solved by...
• Leviton makes smart bricks that plug into an outlet and let you plug an appliance (anything) into it and control that appliance on/off state through Wink or the Echo.  So when I leave, I can just vocally tell the Nest Cam to turn on, or if I forget, I can just use the Wink APP to turn it on remotely.  I use these to control the Nest Cam, my DirecTV internet device, and my Amazon Fire TV.  Whey have them sucking energy all the time when I use them maybe 2% of the time? “

As an advanced user*, he also had this to say:

• “ The is a function call IFTT (If This Then That) that works with the Echo, Wink and the IoT devices to allow creation of recipes that handle what to do if something happens.  For example, I set up an IFTT that when I ask the Echo where my cellphone is, the IFTT will call the phone so it rings.  The possibilities are limitless.  Think Geo-fencing or linking input from IoT sensors to automatically cause actions. “

*Note: Remember, this is a more advanced, tech user.  However, IoT is increasingly becoming part of the consumer lexicon!!