On the way to a safe and secure smart home

Sep 01, 2014
Building management with a tablet computer: In several modern office buildings, lights, louvers (blinds) and doors can be centrally controlled via the Internet. That brings gains in efficiency – but it holds risks, as well. Credit: Fraunhofer FKIE

A growing number of household operations can be managed via the Internet. Today's "Smart Home" promises efficient building management. But often the systems are not secure and can only be retrofitted at great expense. Scientists are working on a software product that defends against hacker attacks before they reach the building.

Botnet. A term from the world of computers is gradually tiptoeing its way into the world of building automation. You have to anticipate this kind of attack scenario, according to Dr. Steffen Wendzel of the Fraunhofer Institute for Communications, Information Processing and Ergonomics FKIE in Bonn. The researcher from the "Cyber Defense" department is the expert in hacker methods and, working jointly with Viviane Zwanger and Dr. Michael Meier, meticulously examines them. Attackers infiltrate multiple computers – "bots" (from the word "robots") – without their owners' knowledge, weave the computers together into nets, and misuse them for computer attacks. The researchers studied something that does not yet exist at all today: attacks by Botnets on "Smart Homes" using Internet-linked buildings or building operations. The finding: The threat is absolutely real: Internet-controlled electric roller shutters, HVAC and locking systems could all be used for these kinds of attacks."Our experiments in the laboratory revealed that the typical IT building is not adequately protected against Internet-based attacks. Their network components could be highjacked for use in botnets," Wendzel continues. In the process, the hackers do not have to seek out the PCs as in the past; instead, they look for the components in building automation that link the buildings with the Internet. These are small boxes installed in the buildings that look and work like routers for home computers."However, they are configured quite simply, can only be upgraded with some difficulty, and are loaded with security gaps. The communications protocol that they use is obsolete," explains Wendzel.

Sentinel software switches between Internet and building IT

To ensure that the heating, lighting, and ventilation of buildings can be controlled via the Internet, it is necessary to install special equipment: This involves mini-computers that measure temperature, light or humidity and are incorporated into networks. "Keeping them up to the latest standards is expensive," Wendzel says. At FKIE, the team has developed security software that can easily switch between Internet and building IT. The technology filters out potential attacks from communications protocols even before they reach the four walls of the actual brick-and-mortar home or office building. No matter what technologies are being used within the building: With this approach, they do not have to be replaced.

The researchers additionally examined the conventional communications standards of building automation, and building upon these, they have developed rules for data traffic. If arriving data do not adhere to these rules, then the communications flow is modified. "The software operates like a firewall with normalization components," explains Wendzel. All the results that are sent on their way to the systems are tested for plausibility by an "analyzer". If the alarm goes off, then the incident is immediately dispatched to the "normalizer." This either blocks the incident in its entirety or modifies it accordingly. The basic research has been concluded successfully. "In the next stage, we want to make the technology production-ready with an industrial firm. In no later than two years, there should be a product on the market," states Wendzel.

In their analysis of Botnet attacks, the researchers sketched out definitive threat scenarios for smart homes."From my perspective, the most compelling issue is 'monitoring,'" the cyber defense researcher says. When the attacker hacks into the building operations IT, he or she will learn where the residents or tenants are located and what they are doing, in a worst case scenario. That includes everything, right down to going to the toilet. Intruders, for example, could use this data in order to prepare for a burglary or raid. In this case, the hacker is acting in a passive capacity, simply tapping data. However, he or she could be equally capable of actively invading the systems. Take a contractor from the energy industry, for example. He could profit from more oil or gas sold if the consumption of multiple heating systems is artificially elevated. A recent example demonstrates how real this scenario is: Last year, there was a gap in the security system of a heating system connected to the Internet. Attackers had the ability to shut down or damage heaters. Therefore, security expert Wendzel is currently advising against carelessly linking all functions in private homes to the Internet.

Explore further: Cyberattack traced to hacked refrigerator, researchers report

add to favorites email to friend print save as pdf

Related Stories

Connected devices in smart homes have control issues

Apr 03, 2014

(Phys.org) —Smart homes are growing smarter. But it all depends on how you define "smart." Smart, as in connected to the Internet, or smart as in a well-planned architecture of intelligent gadgets that ...

Optimal building management through centralization

Jul 15, 2014

Desigo CC is making building management much easier and convenient. Desigo CC is the world's first management station to combine all of the adjustable building systems into a single control station. The station ...

Security tools for Industry 4.0

Mar 05, 2014

An increasing number of unsecured, computer-guided production machinery and networks in production facilities are gradually evolving into gateways for data theft. New security technologies may directly shield ...

Recommended for you

First drone in Nevada test program crashes in demo

1 hour ago

A drone testing program in Nevada is off to a bumpy start after the first unmanned aircraft authorized to fly without Federal Aviation Administration supervision crashed during a ceremony in Boulder City.

Fully automated: Thousands of blood samples every hour

9 hours ago

Siemens is supplying automation technology for the longest and one of the most cutting-edge sample processing lines in any clinical laboratory. The line, or automation track, 200 meters long, in Marlborough, ...

Explainer: What is 4-D printing?

9 hours ago

Additive manufacturing – or 3D printing – is 30 years old this year. Today, it's found not just in industry but in households, as the price of 3D printers has fallen below US$1,000. Knowing you can p ...

First series production vehicle with software control

10 hours ago

Siemens has unveiled the first electric series production vehicle with the central electronics and software architecture RACE. This technology, developed in the research project of the same name, replaces ...

Amputee puts limb system through its paces

12 hours ago

"Amputee Makes History with APL's Modular Prosthetic Limb" is the headline from Johns Hopkins Applied Physics Laboratory, where a team working on prosthetics observed a milestone when a double amputee showed ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.