From Nordic Semiconductor: Security for smart homes
Simplifying our lives and saving time is becoming increasingly important in the modern home. In the rush to connect everything, it’s important we don’t forget to focus on the most vital piece of the puzzle: security.
Security is key to any connected environment. While it’s true that no network can ever be 100% secure, it’s still possible to reach a level of security where the time and effort to break it is greater than the reward. To achieve this, security must be factored into product development from the beginning.
Don’t cut corners
Developers can use the secure protocols baked into Bluetooth to create simple, secure IoT devices. But just as a door is only secure if you remember to lock it, Bluetooth is only secure if you implement its in-built security properly.
The commissioning process when a product is paired with a device is one of the most crucial steps in which to avoid shortcuts. When done properly, the product and connection will be secure. But this can only happen when the device is properly configured. Cut corners to speed up or simplify things for the end user and you risk creating a device that can be hacked.
Read more: Secure IoT commissioning: How hard can it be?
Trust no-one
If you’re making smart locks for homes, you might consider integrating them with Amazon Echo or Google Home so that people can lock and unlock their doors with their voice. For most people this would probably be unnecessary as, if you have callers at the door, you’ll likely want to go and greet them. But for users with mobility issues this could allow them to unlock the door when they need to allow people in and can’t make it to the door themselves.
Yet this approach highlights several risks. A recent stunt by a burger chain showed the potential vulnerabilities that exist in current voice control technology. Could a visitor unlock a door by shouting through an open window?
The possibility does exist, but this is by design. The current wave of voice control systems are designed to respond to any voice. Distinguishing between an adult male, an adult female, and a child would be relatively simple to do. But to incorporate full voice recognition technology would require the user to spend time training the device and of course, increase the cost.
In cases like this, you might still decide to allow this kind of voice control but inform the user of the security problems, or require the voice command to include a unique code to the device and therefore prevent generic attacks.
Read more: Voice control in the smart home
Find the balance
The flipside of the coin is that security must be seamless and simple for the end user otherwise they’ll find a way to get around it, or disable it altogether. It’s a bad idea to allow users to disable vital security features. But it might also be a bad idea to prevent advanced users from doing so, if they know what they’re doing. For example, if you don’t include integration with voice control, they might find a way to do it anyway using third-party apps.
Be consistent
Another issue to avoid with security is implementing it inconsistently. A few years ago, some Japanese mobile phones featured a Secure Mode where things like names of contacts were hidden in the contacts list. Unfortunately, they weren’t hidden in email or the call register so the feature was, in effect, useless.
Even today, people occasionally find workarounds to passcodes in smartphones by using a combination of settings and actions that trick the phone into forgetting it’s locked.
The main reason things like this happen is that companies often spend most of their time making the user interface look and work just right but forget about the fundamentals underneath. Every aspect of a system must be secure for the system as a whole to be secure.
End-to-end security
Your product needs to be secure internally, so that it is safe from hackers and from other companies’ products. It needs to be securely commissioned to prevent it being hijacked during this critical phase.
It needs to communicate with its users securely, using strong authentication and encryption. Finally, it needs to remain secure at all points of its lifecycle, including the ability to be updated securely if any problems come to light once it’s on the market.
Anyone working with Bluetooth can make products that are secure by design. By keeping security front and center in everything you do, you can make sure you keep your users, their homes and their data safe from harm.
Entering the Internet of Things: Opportunity, Risks & Strategy > Download the free eBook now
Source: http://blog.nordicsemi.com/getconnected/security-for-smart-homes
Contact Symmetry Electronics at 866-506-8829, email us or start a live chat and we'll be glad to help you with your projects!