Get Connected Blog

Security for smart homes

By Pål Kastnes July 26, 2017

security.jpg

Simplifying our lives and saving time is becoming increasingly important in the modern home. In the rush to connect everything, it’s important we don’t forget to focus on the most vital piece of the puzzle: security.

Security is key to any connected environment. While it’s true that no network can ever be 100% secure, it’s still possible to reach a level of security where the time and effort to break it is greater than the reward. To achieve this, security must be factored into product development from the beginning.

Don’t cut corners

Developers can use the secure protocols baked into Bluetooth to create simple, secure IoT devices. But just as a door is only secure if you remember to lock it, Bluetooth is only secure if you implement its in-built security properly.

The commissioning process when a product is paired with a device is one of the most crucial steps in which to avoid shortcuts. When done properly, the product and connection will be secure. But this can only happen when the device is properly configured. Cut corners to speed up or simplify things for the end user and you risk creating a device that can be hacked.

> Read more: Secure IoT commissioning: How hard can it be?

Trust no-one

If you’re making smart locks for homes, you might consider integrating them with Amazon Echo or Google Home so that people can lock and unlock their doors with their voice. For most people this would probably be unnecessary as, if you have callers at the door, you’ll likely want to go and greet them. But for users with mobility issues this could allow them to unlock the door when they need to allow people in and can’t make it to the door themselves.

Yet this approach highlights several risks. A recent stunt by a burger chain showed the potential vulnerabilities that exist in current voice control technology. Could a visitor unlock a door by shouting through an open window?

The possibility does exist, but this is by design. The current wave of voice control systems are designed to respond to any voice. Distinguishing between an adult male, an adult female, and a child would be relatively simple to do. But to incorporate full voice recognition technology would require the user to spend time training the device and of course, increase the cost.

In cases like this, you might still decide to allow this kind of voice control but inform the user of the security problems, or require the voice command to include a unique code to the device and therefore prevent generic attacks.

> Read more: Voice control in the smart home

Find the balance

The flipside of the coin is that security must be seamless and simple for the end user otherwise they’ll find a way to get around it, or disable it altogether. It’s a bad idea to allow users to disable vital security features. But it might also be a bad idea to prevent advanced users from doing so, if they know what they’re doing. For example, if you don’t include integration with voice control, they might find a way to do it anyway using third-party apps.

Be consistent

Another issue to avoid with security is implementing it inconsistently. A few years ago, some Japanese mobile phones featured a Secure Mode where things like names of contacts were hidden in the contacts list. Unfortunately, they weren’t hidden in email or the call register so the feature was, in effect, useless.

Even today, people occasionally find workarounds to passcodes in smartphones by using a combination of settings and actions that trick the phone into forgetting it’s locked.

The main reason things like this happen is that companies often spend most of their time making the user interface look and work just right but forget about the fundamentals underneath. Every aspect of a system must be secure for the system as a whole to be secure.

End-to-end security

Your product needs to be secure internally, so that it is safe from hackers and from other companies’ products. It needs to be securely commissioned to prevent it being hijacked during this critical phase.

It needs to communicate with its users securely, using strong authentication and encryption. Finally, it needs to remain secure at all points of its lifecycle, including the ability to be updated securely if any problems come to light once it’s on the market.

Anyone working with Bluetooth can make products that are secure by design. By keeping security front and center in everything you do, you can make sure you keep your users, their homes and their data safe from harm.

 

Entering IoT: Opportunity, Risks & Strategy. Download free ebook now 

 

Topics: security


Pål Kastnes's photo

By: Pål Kastnes

Pål Kastnes joined Nordic in March 2015. He has 18 years of experience from the embedded systems market working in several areas. This includes IC design, system verification, production testing and device specification on the factory side. He spent 6 years as a key account manager embedded within the sales organization for the Asian market based out of Tokyo, Japan. The last years he has been driving training programs globally as well as providing key account support for EMEA. His main focus now Trainings and user experience, focusing on ease of use of all the elements involved in the design process of connected devices.

Epost

Comments

Get Connected Blog

This blog is for you who are new to the connected world of the Internet of Things (IoT) - whether you are a senior executive, in product development, or simply a curious soul.
Our goal is to inform you, keep you updated and help you understand the opportunities and challenges of IoT for your industry.

If you are a developer, you may want to check out our Devzone Blog

Visit www.nordicsemi.com

Free eBook: Entering the Internet of Things: Opportunity, Risks & Strategy

Latest Posts