Smart home systems need to improve security

smart home
Credit: CC0 Public Domain

The security of smart domestic appliances that can be managed remotely must be improved to better protect users' privacy, research suggests.

Experts have identified steps that manufacturers could take to improve the products' security, in a market that is forecast to be worth £80bn by 2022.

Design flaws

They have identified flaws in the of home automation systems, which could enable theft of passwords or other , scientists say.

These weaknesses could also allow online attackers to interfere with the use of domestic devices, potentially causing stress and damage to their victims.

Researchers at the University studied the security of Belkin WeMo, which is among the most popular smart home ecosystems.

App weaknesses

The team found vulnerabilities in the design of the smartphone app that is used to control smart appliances, and in the way in which these devices are configured to use home WiFi networks.

These weaknesses could enable cyber attackers to obtain users' WiFi passwords and access to their online activities.

Phishing potential

Researchers were also able to connect a fake device, created using computer code, which can appear to the user as a legitimate smart appliance.

This has the potential to underpin phishing attacks – in which users are misled into disclosing account details that attackers can use to access other online accounts and private information.

The team have developed ways to help manufacturers remove similar weaknesses from designs and improve security.

Their findings will be presented at the 2019 IEEE International Conference on Pervasive Computing and Communications in Kyoto, Japan.

The research was funded in part by the UK National Cyber Security Center.

"Smart systems and the many benefits they offer are proving popular with consumers. It is important that these are developed with in mind, and that regulations keep pace with developments in technology and its applications," said Dr. Paul Patras.

Explore further

Security flaw could have let hackers turn on smart ovens

Citation: Smart home systems need to improve security (2019, February 25) retrieved 20 September 2019 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Feedback to editors

User comments

Feb 25, 2019
**Full disclosure: I used to work at AWS**

It's foolish to think that the guy who is a whiz at writing device firmware is also going to be an expert at security, database design, communications, etc., but that's the programming model that has developed over the years. A lot of future headaches for IoT manufacturers can be avoided by letting AWS, Azure, or Google do the grunt work of securing their communications, databases, and apps. These companies have more people dedicated to just security than most large companies have in their entire IT department, and probably more than most IoT startups have in their entire company.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more