Equipped with technology that provides the occupants with comprehensive information about the state of their home, smart homes also bear cyber security risks, states a new report by European Union Agency for Network and Information Security (Enisa).
The 'Threat Landscape and Good Practice Guide for Smart Home and Converged Media' provides an overview of the current state of cyber security in this domain.
The study identifies commonly used assets, exposure of these assets to cyber threats, threat agents, vulnerabilities and risks, as well as available good practices in the field.
In addition to the input from the members of the ENISA informal Expert Group (EG) created for this effort, existing assessments and publicly available information have been taken into account.
Definition of smart home and converged media
The study identifies threats to all asset classes, across the several alternative design pathways to smart homes.
In addition to this consolidated and remote control of the home, a smart home may also be able to “learn” the preferences of its inhabitants and adapt to them.
Examples of smart home devices include: smart fridges, smart electricity meters, smart blinds, and automatic pet feeders.
Important components of the integrated smart home are converged media - media characterised by the merging of traditional broadcast services with the Internet - in particular in the form of smart TVs and related devices such as media centres.
Highlights of this study are:
- Not all smart homes are created equally. There are multiple design pathways that lead to functional smart homes, ranging between localised and integrated home-automation systems. These pathways have their own security and privacy peculiarities, but also have shared issues and vulnerabilities.
- Smart homes will have significant privacy and data protection impacts. The increased number of interlinked sensors and activity logs present and active in the smart home will be a source of close, granular and intimate data on the activities and behaviour of inhabitants and visitors.
- Several economic factors may lead to poor security in smart home devices. Companies involved in the smart home market include home appliance companies, small start-up companies, and even crowd-funded efforts. These groups are likely to lack security expertise, security budgets and access to security research networks and communities.
- The interests of different asset owners in the smart home are not necessarily aligned and may even be in conflict. This creates a complex environment for security activity.
- Just as in many other areas of ICT, applying basic information security would significantly increase overall security in the smart home domain. The smart home is a point of intense contact between networked information technology and physical space. This will create new yet unknown threat and vulnerability models that are result of bringing together both the virtual and physical contexts.