Your future home – automated dream or security nightmare?

The Nest is a fascinating new product.

One of the chief minds behind the iPod and iPhone started a new company to make….thermostats.

Really cool thermostats.

This might kick off the beginning of a wave of improved home automation devices.  Home automation has been around for a while, but to this point it has only been accessible to those geeky enough to put in the time and effort to hook up everything or those wealthy enough to pay someone else to do it for them.  The Nest is something that anybody can put in their house.

And of course, it’s connected to the Internet.

Now I’m not passing any judgement on the security put in place on the Nest since the full details aren’t out yet, but it’s interesting to think about where this might lead in the future.  If our thermostats, lights, and other appliances are all networked so that we can make our home lives run smoothly and efficiently, we invite the opportunity for our houses to be hacked into.  The most obvious risk is that a networked alarm system would be remotely disabled to set up a robbery.  Someone breaking into your thermostat doesn’t seem to be much more than a nuisance, but the key thing to realize is that these devices are all placed on your home network.

So, a vulnerability in something innocuous (a hypothetical networked toaster), allows an attacker to access your toaster.  If they discover a flaw that allows them to execute code on that toaster, they can use it as a pivot point to get to your computers.  It’s much easier to attack a target from within its own network, and all of these networked televisions, lighting systems, and thermostats present a wide attack surface that will be tested in the coming years, both by curious security researchers and by less scrupulous individuals.

I hope these products are designed with security in mind, since many of them are coming from industries that have not had to think about these issues before.

Advertisements

3 responses

  1. I have a feeling that they won’t be designed with security in mind. And someday we’ll all be investing in beefed up firewall/intrusion detection systems to protect our internet connected homes.

  2. Pingback: New attack vectors introduced at CES | Arboreal Security

  3. Perhaps, in the near future, we will have to install security systems within our homes. Not as in the traditional form of monitoring and burglar alarm systems, but security systems to monitor our security systems (Similar to how anti viruses on computers (are supposed to) work.).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s