In a new licentiate thesis about the connected home’s risks and challenges, Joseph Bugeja asks for increased consumer awareness and greater responsibility among manufacturers.
Music systems, surveillance cameras, phones, computers, refrigerators and fitness apps. Our homes are increasingly being equipped with gadgets that are connected to the internet. The consumer’s knowledge about the possible risks this entails is, however, not enough. The same goes for the quality of the connected devices. This is what Joseph Bugeja argues in the licentiate thesis Smart Connected Homes: Concepts, Risks and Challenges, in which he describes the “smart home” ecosystem and its features. In particular, he focuses on the data that is collected by the devices.
“The home is your most private sphere. Yet, we potentially share very much information about ourselves right from home: your contact information and location, what indoor temperature you prefer, and even your weight. You may also have voice-controlled devices, which can pose a risk that even your private conversations are intercepted,” says Joseph Bugeja who in the thesis analyzes security risks and the risks of privacy violations.
Motivation and knowledge
The analysis is threefold: first, he mapped what data was collected by particular types of devices. Second, he investigated who (e.g. hackers, thieves, nation states) could pose a threat to the smart home residents. What is their motivation and capacity? Third, he defined the level of knowledge of these various intruders as the basis for a “threat agent model” for the smart connected home.
“Academic reports indicate that the hacker is the most common intruder. Unlike a thief, the hacker has no real motive and just does it for the fun to experiment and try things out,” says Joseph Bugeja.
To test the threat agent model, Joseph Bugeja carried out empirical studies that shows how vulnerable many connected devices in the home environment are.
“There is a lot of data floating around that anyone with little knowledge can access. Had I continued, I would have been able to get into the cameras inside people’s homes.”
Doesn’t live up to security standards
If the intruder manages to break into one device, s/he can often discover and even access all of them. This is because devices tend to be connected to the same network and oftentimes consumers are not aware of security best practices, says Joseph Bugeja.
One problem is that consumers are not aware of the risks of themselves installing the gadgets. Another problem is that many manufacturers lack a stringent security policy – some devices shouldn’t had been on the market at all.
“There are devices that don’t have enough processing power or memory capacity to keep them secure,” says Joseph Bugeja. “We need effective regulations, legislation, and product liability on the producer side. Many consumers are not aware that the ‘cheap’ gadgets they buy online often expose them to greater risk in terms of security and privacy.”
» Originally published as Svagt riskmedvetande om våra uppkopplade hem, by Magnus Jando.
» See also the Storm article Halvvägs till doktor