Bench Talk for Design Engineers | The Official Blog of Mouser Electronics
Home Automation Adventures Part III: Common Sense Things To Reduce The Home Automation Attack Surface

Arden Henderson

    In the last two blogs about Alice and Bob and their home automation system, we described the general dangers of the internet and then the dangers specific to home automation systems.

    In this blog, we'll cover simple, common sense best practices that Bob and Alice can follow to improve their defenses and reduce risk.
    By the way, these are common sense best practices for all aspects of personal computing: cell phones, the web, and the internet in general.

    Here is the short list of easy, common sense actions that anyone can do, all equal in priority and importance. Note that "device" might mean webcam, laptop, smart phone, smart car, alarm system, thermostat, and so on -- basically anything to be connected to the home network or the internet.


    Common Sense Best Practices for Home Automation Security

    • Only purchase devices manufactured by companies that have a clear, obvious, transparent, well-documented focus on security. You might be surprised how many companies are vague about security. Or, worse, they "dumb down" the security specs, often creating misinformation, because the company believes the consumer isn't interested in or capable of handling the information. Many devices today have manuals downloadable as PDF files -- good for perusing before purchasing: look for whether the device ships with a unique per-device password rather than one shared default, how it receives firmware updates, and for how long the manufacturer commits to providing them. Read technical reviews before buying, paying particular attention to what the reviewer says about the device's security.

    • In the same way, only install apps that have been through the platform vendor's app store vetting process. This is a best practice for smart phones and any other computing device. While not perfect, a vendor's app qualification process weeds out some apps of dubious origin and hidden purpose.

    • Always read the "privacy policy" fine print. It's important to note that no real "contract" or "guarantee" exists between the app developer and the app user regarding privacy policies and actual practice. It's an honor system at best, and mere web page text is not a contract in the conventional, binding, legal sense. Often it is hand-waving promises of good intentions (without considering all the variables). However, the mere existence of a stated privacy policy is a good start, and it is informative as to the company's security/privacy philosophy. (Look for the text that says the company will gather information from the contact list and -- surprise -- share it with unnamed third parties. By "using" the software, as almost every policy will state, the user magically grants the app company the right to plumb their contact list, usage history, and pretty much anything else accessible. The unnamed third parties, by definition, have unknown or nonexistent privacy policies.) What can the user do about this? Nothing, other than not use the product. So it comes down to a "reasonable risk" decision by the user.

    • Always change the factory password for any connected device.

    • Follow best practices for password creation. There are many websites that cover this in detail. Read two or three articles to get a wide range of views.

    • Where it's optional, always select the strongest security settings.
    For example, never use WEP or the original WPA (TKIP) for wireless; use WPA2 with AES/CCMP, or WPA3 where the router and the devices support it, and turn off WPS, whose PIN mode is a well-known weak point. In the browser, keep a current version with its default TLS settings rather than re-enabling legacy protocols such as SSLv3 or TLS 1.0.

    • Always ensure devices are running the latest software updates, where applicable. This can mean everything from installing the latest firmware in a router to upgrading a webcam application. In the same way, always run the latest operating system on all computers of any size, including smart phones, and retire a device whose manufacturer no longer publishes updates.

    • Make sure the main firewall is on, between the internet and the home network, and that it denies inbound connections by default. This firewall is usually part of a router. Most appliance router firewalls have few options and limited logging, but it's a good idea to get familiar with firewalls in general and with the specific firewall in use; check in particular that remote administration from the WAN side and UPnP port forwarding are off unless you actually need them. It's also a good idea to begin thinking, researching, and learning how the appliance gear can be replaced with something more sophisticated that provides greater control.

    • Put tape over laptop and desktop computer cameras not in use.

    • Cover up the pet cam when not in use, or shut it down entirely if it also has a microphone.

    • Shut down the baby monitor when not in use.
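
    To make the password items above concrete, here is an added example (not code from the original post, from Mouser, or from any device vendor) that generates a replacement for a factory password using Python's CSPRNG and sizes it by entropy rather than by a fixed "8 characters" rule. FACTORY_DEFAULTS and SAMPLE_WORDS are small constructed samples for illustration; a real check would use a maintained default-credential list and a full diceware word list (DICEWARE_LIST_SIZE is the size of the EFF long word list and is used only for the entropy estimate).

```python
"""Replace a factory password with one chosen by a CSPRNG, sized by entropy.

Added example, not from the original post. Standard library only.
FACTORY_DEFAULTS and SAMPLE_WORDS are constructed samples (assumptions);
DICEWARE_LIST_SIZE is the size of the EFF long word list.
"""
import math
import secrets
import string

# 94 printable ASCII symbols; narrow this if a device rejects some of them.
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample of factory/default credentials (illustrative only).
FACTORY_DEFAULTS = {"", "admin", "password", "1234", "12345", "123456",
                    "root", "user", "guest", "default"}

DICEWARE_LIST_SIZE = 7776

# Constructed stand-in word list so the passphrase generator runs offline.
SAMPLE_WORDS = ("amber", "basil", "cobalt", "delta", "ember", "falcon",
                "garnet", "harbor", "indigo", "juniper", "kestrel", "lantern",
                "meadow", "nectar", "orchid", "pebble")


def entropy_bits(alphabet_size, length):
    """Bits of entropy in `length` symbols each drawn uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def is_factory_default(pw):
    """True if the password matches a known factory default (case-insensitive)."""
    return pw.strip().lower() in FACTORY_DEFAULTS


def fits_policy(alphabet, max_length, min_bits):
    """Can a device limited to max_length symbols from alphabet hold min_bits of entropy?"""
    return entropy_bits(len(alphabet), max_length) >= min_bits


def random_password(length, alphabet=FULL_ALPHABET):
    """Uniform random password; `secrets`, not `random`, so it is unpredictable."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(count=6, words=SAMPLE_WORDS, sep="-"):
    """Diceware-style passphrase: `count` words chosen uniformly with replacement."""
    return sep.join(secrets.choice(words) for _ in range(count))


def new_device_password(min_bits=80, alphabet=FULL_ALPHABET, max_length=None):
    """Shortest password from `alphabet` with at least min_bits of entropy.

    Raises ValueError when the device's length limit makes that impossible,
    which is the case worth knowing about before trusting a short PIN.
    """
    length = math.ceil(min_bits / math.log2(len(alphabet)))
    if max_length is not None and length > max_length:
        raise ValueError(
            f"device allows {max_length} symbols from a {len(alphabet)}-symbol "
            f"alphabet: {entropy_bits(len(alphabet), max_length):.0f} bits, "
            f"need {min_bits}")
    pw = random_password(length, alphabet)
    while is_factory_default(pw):  # astronomically unlikely, but cheap to guard
        pw = random_password(length, alphabet)
    return pw


if __name__ == "__main__":
    print("router admin password:", new_device_password())
    print("passphrase from the sample list:", random_passphrase(),
          f"(~{entropy_bits(len(SAMPLE_WORDS), 6):.0f} bits; a full list gives "
          f"~{entropy_bits(DICEWARE_LIST_SIZE, 6):.0f} bits for six words)")
    print("8-digit PIN enough for 80 bits?", fits_policy(string.digits, 8, 80))
```

    The point of `fits_policy` and the `max_length` check is the failure mode consumer gear often has: a thermostat or camera that accepts only an 8-digit PIN cannot hold a strong secret no matter how carefully the digits are chosen, so the practical defence is to keep such a device off the internet-facing side rather than to pretend the PIN protects it.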


    If Bob and Alice follow such common sense best practices, which encourage thinking about security and lead naturally to still more best practices, they are off to a good start in reducing their home automation attack surface, and indeed the attack surface of all their internet-connected devices.

    Later on, as they get used to always thinking of security first and become comfortable with a progressive process of security improvement, Alice and Bob will start to think outside the internet appliance bubble and realize they need a more sophisticated firewall for their home with improved logging, the better to see what is probing, poking, drilling, and scratching outside their digital wall. This is when they will explore their options for a fortress gateway to the internets and webtubulars.
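
    To show what that improved logging buys, and why the firewall item in the list above asks you to get familiar with the one you have, here is an added example (not code from the original post or from Mouser) that summarizes dropped inbound packets from a home gateway's firewall log. It assumes a Linux-based gateway whose iptables or nftables rule logs dropped inbound packets in the standard netfilter LOG format with a "DROP-IN:" prefix chosen by the rule; the log lines are constructed samples using documentation address ranges, not captured traffic, and the table of commonly probed ports is an illustrative selection.

```python
"""Summarize what is knocking on the home gateway from its firewall log.

Added example, not part of the original post. It assumes a Linux gateway whose
firewall (iptables or nftables) logs dropped inbound packets in the standard
netfilter LOG format with the prefix "DROP-IN:" set by the rule. SAMPLE_LOG is
constructed for illustration and uses documentation address ranges.
"""
import re
from collections import Counter, defaultdict

# Constructed sample log (not captured traffic); the last line is an unrelated
# sshd message to show that non-firewall lines are ignored.
SAMPLE_LOG = """\
Jan 10 03:12:01 gw kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=41512 DPT=23 WINDOW=1024 SYN
Jan 10 03:12:02 gw kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=41513 DPT=2323 WINDOW=1024 SYN
Jan 10 03:12:05 gw kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=41514 DPT=22 WINDOW=1024 SYN
Jan 10 03:13:40 gw kernel: DROP-IN: IN=eth0 OUT= SRC=192.0.2.55 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=50001 DPT=23 WINDOW=65535 SYN
Jan 10 03:14:00 gw kernel: DROP-IN: IN=eth0 OUT= SRC=192.0.2.55 DST=198.51.100.2 LEN=32 PROTO=UDP SPT=50002 DPT=1900 LEN=12
Jan 10 03:15:12 gw kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=6000 DPT=8080 WINDOW=1024 SYN
Jan 10 03:15:13 gw kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=6001 DPT=81 WINDOW=1024 SYN
Jan 10 03:15:14 gw kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=6002 DPT=5555 WINDOW=1024 SYN
Jan 10 03:16:00 gw sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 50123 ssh2
"""

# Fields needed from a netfilter LOG line; SPT/DPT are absent for ICMP.
NETFILTER_RE = re.compile(
    r"SRC=(?P<src>[0-9a-fA-F.:]+)\s+DST=(?P<dst>[0-9a-fA-F.:]+).*?"
    r"PROTO=(?P<proto>[A-Z0-9]+)(?:.*?\bSPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+))?"
)

# Illustrative selection of services that background scanners and IoT worms
# probe most often; extend to taste.
COMMONLY_PROBED = {
    ("TCP", 22): "ssh", ("TCP", 23): "telnet", ("TCP", 2323): "telnet (alt)",
    ("TCP", 80): "http", ("TCP", 81): "http (alt)", ("TCP", 8080): "http (alt)",
    ("TCP", 445): "smb", ("TCP", 5555): "android debug bridge",
    ("TCP", 7547): "TR-069 CPE management", ("UDP", 1900): "SSDP/UPnP",
}


def parse_line(line):
    """Return src/dst/proto/dpt for a netfilter LOG line, or None for other lines."""
    m = NETFILTER_RE.search(line)
    if m is None:
        return None
    return {
        "src": m.group("src"),
        "dst": m.group("dst"),
        "proto": m.group("proto"),
        "dpt": int(m.group("dpt")) if m.group("dpt") else None,
    }


def summarize(log_text, scan_threshold=3):
    """Count drops per source and per destination port; flag multi-port sources."""
    by_source = Counter()
    by_port = Counter()
    ports_per_source = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        by_source[rec["src"]] += 1
        if rec["dpt"] is not None:
            key = (rec["proto"], rec["dpt"])
            by_port[key] += 1
            ports_per_source[rec["src"]].add(key)
    scanners = sorted(src for src, ports in ports_per_source.items()
                      if len(ports) >= scan_threshold)
    return {"total": sum(by_source.values()), "by_source": by_source,
            "by_port": by_port, "scanners": scanners}


def report(summary):
    """Render the summary as the short daily digest a home admin would read."""
    lines = [f"{summary['total']} dropped inbound packets", "top destination ports:"]
    for (proto, port), n in summary["by_port"].most_common(5):
        label = COMMONLY_PROBED.get((proto, port), "")
        lines.append(f"  {proto}/{port:<5} {n:>3}  {label}")
    lines.append("top sources:")
    for src, n in summary["by_source"].most_common(5):
        lines.append(f"  {src:<16} {n:>3}")
    if summary["scanners"]:
        lines.append("sources hitting several distinct ports (likely scanners): "
                     + ", ".join(summary["scanners"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```

    On a real gateway the input would be `journalctl -k` or `/var/log/kern.log` rather than SAMPLE_LOG. The useful signal is not any single drop (the internet is noisy) but the port mix: a source walking telnet, ssh, and alternate HTTP ports in a few seconds is automated scanning, and a spike on a port that one of Bob and Alice's own devices happens to listen on is the cue to check whether that device is reachable from outside.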

    That, of course, is yet another story in Bob and Alice's technical adventures.


    Useful links

    [1] https://www.mouser.com/blog/home-automation-adventures-part-i
    [2] https://www.mouser.com/blog/home-automation-adventures-part-ii
    [3] https://www.mouser.com/empowering-innovation/factory-home-automation?cm_sp=homepage-_-homeintro-_-empoweringinnovation-automationspotlight
    [4] https://www.mouser.com/applications/smart-lights-dark-side-home-automation/






Arden Henderson spent at least part of his life toolsmithing in dark, steam-powered workshops of software tool forges long gone, drenched in blood, sweat, and code under the glare of cathode ray tubes, striving for the perfect line of self-modifying software and the holy grail of all things codecraft: The perfectly rendered pixel. These days, when not working on his 1964 Flux Blend time machine (which he inadvertently wrecked before it was built after a particularly deep recursive loop), Mr. Henderson works in part-time castle elf and groundskeeper jobs, chatting with singularities spawned from code gone mad in vast labyrinths of vacuum tubes, patch cords, and electro-mechanical relays. Mr. Henderson earned a B.S.C.S. late in life at Texas A&M. Over the hundreds of years gone by before then and after, he has worked in various realms ranging from petrochemical wonderlands spread across the flat Gulf Coast saltgrass plains, as far as the eye can see, to silicon bastions deep in the heart of Central Texas.
