Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac

  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Digital Technology

    Enterprise Security

    HPC

    Internet of Things

    IT Services

    Mobility

    Networking

    Open Source

    POS

    QA and Testing

    Robotics

    SaaS Solutions

    Security

    Simulation

    Smart City

    Startup

    Storage

    Unified Communication

    Virtualization

    Web Development

  • Automotive

    Aviation and Aerospace

    Banking

    Compliance

    Construction

    Contact Center

    E-Commerce

    Education

    Energy

    Engineering

    Field Service

    FinTech

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Telecom

    Travel and Hospitality

    Utilities

  • Amazon

    CISCO

    Google

    HP

    IBM

    Intel

    Microsoft

    Oracle

    Red Hat

    Salesforce

    SAP

    VMware

  • Business Intelligence

    Business Process Management

    CEM

    Collaboration

    Corporate Finance

    CRM

    Data Center

    Disaster Recovery

    Document Management Systems

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Performance Management

    ERP

    Fleet Management

    Gamification

    Geographical Information System

    HR Technology

    IT Service Management

    Managed Services

    Payments

    PLM

    Procurement

    Project Management

    Risk Management

    Sales and Marketing

    Workflow

Menu
    • DevOps
    • Automotive
    • FinTech
    • Robotics
    • SAP
    • Amazon
    • Big Data
    • Education
    • HPC
    • Simulation
    • CISCO
    • Web Development
    • AI
    • EPM
    • ERP
    • Project Management
    • Salesforce
    • Sports
    • Travel and Hospitality
    • Unified Communication
    • IT Services
    More
    Education HPC Simulation CISCO Web Development AI EPM ERP Project Management Salesforce Sports Travel and Hospitality Unified Communication IT Services
    ×

    Subscribe to our Newsletter

    news
    news

    Join our mailing list for the latest articles, news, and exclusive insights from prominent technology leaders

    loading
    SUBSCRIBE

    Thank You for subscribing with us. We sent you an email regarding this.

    news

    • Home
    • Networking
    Editor's Pick (1 - 4 of 8)
    left
    CIOs Need To Know Their Business, Not Just Tech

    John Sadowski, EVP & CIO, Sandy Spring Bank

    Your Next Law Firm Website Project

    Vic Peterson, CIO, Stinson Leonard Street LLP

    Essentials for a Compliant Environment

    Seevali Fernando, Group CIO, Hoya Corporation

    The Digital Agency

    Ralph Chivers, CIO, Ministry of Business Innovation and Employment, New Zealand

    E-commerce and the Data behind it

    Klemen Drole, CIO, Lazada Group

    Need and Importance of IT in the Shipping Industry

    Anjan Deb, GM-IT (CIO), The Great Eastern Shipping

    At the Crossroads of Sports and Technology

    Jerry Mcglynn, CIO, Specialized Bicycle Components

    Proliferative Innovation via Platform+Agile

    Dr. Steve Hodgkinson, CIO, Department of Health & Human Services in Melbourne, Australia

    right

    Secure Smart Homes Need Control on Site, not in the Cloud

    By Simon Hunt, CTO - Home Gateway Security, Intel Security

    Tweet
    content-image

    Simon Hunt, CTO - Home Gateway Security, Intel Security

    The smart home and the Internet of Things in the home are increasingly newsworthy lately, and for good reason. Who can deny the attractiveness of the “digital butler” experience—as your smart home saves energy and makes life more convenient? Automated lighting, learning thermostats, Wi-Fi enabled door bells with cameras, and smartphone notification that you left the garage door open: Most of us would find these features valuable.

    With this convenience, though, come additional risks, such as the handy two-way Wi-Fi enabled baby monitor that was hacked to allow an individual to shout profanity at the sleeping child, and the reported attacks against home routers to modify DNS settings and steal personal information. We also eagerly await the discoveries from DEFCON 2015’s IOT Hacking Village, a competition designed specifically to find vulnerabilities in popular home IOT devices.

    One partial advantage for homeowners is that the current focus of attack is on Internet-connected home IOT devices. There’s no way a remote hacker can gain access to your X10 or Insteon lights if you don’t have an X10-to-Internet gateway, and there’s no way to access your Zigbee door locks unless you connect them to the Internet, or the hacker is standing a few feet from your door.

    Although Internet-connected home IOT devices are obviously valuable, they are not the sum total of the home IOT market.

    Manufacturers are, of course, eagerly pursuing the home IOT market with Internet-connected devices. The idea of remotely controlling and interacting with our homes while we’re away is extremely compelling. Knowing the garage door is open when you’re at work is far more useful than knowing it’s open when you’re in the home, and changing your home heating settings when you know you’re going to delayed (or early), equally so.

    Other advantages to an Internet connection include having weeks of security camera footage stored in the cloud, saving us from having to store the video at home, and the cost savings of moving the intelligence from the individual devices into cloud-based services.

    Cloud connectivity, using someone else’s computer to offload processing, is currently a band-aid to reduce a product’s time to market and decrease the per-device cost. As an example, one of the most popular consumer IOT ecosystems requires broadband connectivity to turn a light on and

    off, or to open a door, even if you’re physically at home. Yet there’s no technical reason why an Internet service is required to broker a conversation between two devices on the same Wi-Fi network.

    Given that home IOT can be interconnected to various degrees, we should consider the overall risk of the implemented ecosystem, not just the individual devices we install. This risk changes depending on the sophistication of the home in question.

    The disconnected smart home

    If the home has no Internet connection (or there is no bridge between the home IOT devices and the home Wi-Fi/Internet connection), there is minimal risk. Connection schemes such as X10, Zigbee, and Z-Wave are “localized”; a physical presence within their reception range is required. Many automation systems, such as Lutron and Insteon, donot require any Wi-Fi or Internet connection.

    To be hacked, someone has to physically come to your home, a step the smart home security system is designed to mitigate.

    "We also eagerly await the discoveries from DEFCON 2015’s IOT Hacking Village, a competition designed specifically to find vulnerabilities in popular home IOT devices"

    Disconnected devices communicating with a home-only connected hub

    The second case involves home IOT devices that connect to a Wi-Fi hub to allow them to be controlled via PCs, smartphones, etc. One example is Phillips Hue: the individual light bulbs talk via Zigbee to a hub, which connects to Wi-Fi to allow control through smartphones and tablets.An Internet connection is not required to control the system.

    For hackers to compromise this architecture, they need a footprint within the home network.This could be a compromised PC or home router, but they can’t simply come from the Internet and directly attack the home hub.

    Appropriate endpoint anti-malware products assist greatly in mitigating the risk, as does using WPA2 or better Wi-Fi encryption to prevent intruders from gaining access to your home network.

    Internet-connected devices and devices with Internet-connected hubs

    The most risky situation, and the one currently most under attack, allows devices (or their hub) to talk directly to the Internet. The infamous example of the compromised baby camera was simply an Internet-accessible device using default passwords.

    Hacking websites trawl the Internet looking for connected security cameras using weak or default credentials. Any device directly accessible from the Internet needs the highest level of designed-in security and attention, because they are the most accessible and easiest to probe for weaknesses.

    Unfortunately the trend in home IOT is to offer Internet-connected devices. Given the rapid evolution of this market and number of companies competing for a share, information security often becomes an afterthought.

    At the moment, there are few ways to protect such an environment, other than to trust that the device and hub manufacturers have implemented robust security, and that any vulnerability will be quickly patched. However, it may be the homeowner’s responsibility to apply such patches—making it vital that you understand what devices you have, how they obtain updates, and any known vulnerabilities.

    The Future

    The security industry predicts significant changes in the home IOT space during the next decade. Smarthomes are moving from cool to useful, but an Internet outage that knocks out the lights is something the average homeowner won’t tolerate. Processing and intelligence need to move back into the home, under the homeowner’s control, especially for automation and security features.

    Having the intelligence of your home IOT depend on cloud processing will naturally be replaced with a smart “black box” in a closet, perhaps merged with media storage and entertainment features.

    The “smart home” of today is really a dumb home connected to a smart cloud. That must change, as we empower the next generation of homes to be smart in their own right.

    Read Also

    Delivering the Greatest IT Outcomes

    Delivering the Greatest IT Outcomes
    The Cloud: A Business Initiative with IT Benefits

    The Cloud: A Business Initiative with IT Benefits
    The Network Economy, Fibre Investment and a Better Place to Live

    The Network Economy, Fibre Investment and a Better Place to Live
    What is CLOUD doing to our networks?

    What is CLOUD doing to our networks?
    Top 10 Networking Consulting/Implementation Services Companies - 2018

    Top 10 Networking Consulting/Implementation Services Companies - 2018

     Top 10 Networking Solution Providers - 2018

    Top 10 Networking Solution Providers - 2018

     Top 25 Networking Solution Providers - 2017

    Top 25 Networking Solution Providers - 2017

     25 Most Promising Enterprise Networking Solution Providers

    25 Most Promising Enterprise Networking Solution Providers

    Featured Vendors

    PepNet

    Allan De Brincat, CTO

    CISCO Systems

    Brink Sanders, MD, Software & Network Transformation, APAC & Japan

    Networking Special

    Copyright © 2018 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://networking.apacciooutlook.com/ciospeaks/secure-smart-homes-need-control-on-site-not-in-the-cloud-nwid-649.html