Unseen by average Internet users, hackers from around the world are constantly exploring the vulnerabilities of every system and device they can find online. Home automation systems that connect to the Internet are at risk of hackers' attacks in the same way that websites, banking systems and corporate networks are. While most homeowners will not experience the "poltergeist effect" of an unknown hacker playing with their connected devices, turning lights on and off or brewing coffee, it's unseen threats that are often the most damaging.
The Risks of Convenience
Convenience often brings vulnerability in Internet applications. An easy to remember password, for example, is usually easily guessed. The same principle applies to remote control and monitoring smartphone apps that access home-based security and control systems. Letting the homeowner's commands into the home network and still keeping potential invaders out is no easy matter. Even if the home uses short-range WPAN (wireless personal area network) systems for internal connectivity, as soon as an Internet connection is established the level of risk goes way up.
Finding a Way In
Firewalls, gateways and specialized home automation interface systems try to filter or control access to the home network by managing the Internet messages which are sent and received. Only if these protections succeed 100% is home automation secure. Each blocking and filtering method makes certain assumptions about the techniques by which hackers will try to gain access. If hackers find a software flaw in the filter or come up with a creative solution such as manipulating a web-based interface, security protections may not be effective, and the defense becomes porous.
In the wall between the safe internal network and the outside world, a "single point of failure" can be a security disaster if breached. Once access is established, unprotected devices which assumed only "friendly" messages would make it in from the outside may freely allow control, monitoring and data snooping by unknown outsiders. Like a medieval castle whose drawbridge is down, invaders are free to roam inside.
More than Flashing Lights and Burnt Toast
Control of home appliances is the most obvious access that hackers could gain in an automated home, but Internet criminals are often seeking financial gain and have very creative ways to do so. Some examples might be using home devices to reroute network data containing financial information for exploitation, or providing access to video cameras to identify valuables and family activity patterns from afar.
Internet-connected appliances can have unintended uses: smart televisions that use voice commands have been shown to provide the possibility of eavesdropping in homes and offices if hackers gain access to their continuous voice recording. Even a "smart" thermostat that records family patterns can, once accessed, report these patterns to outsiders who want to know when the home is likely to be empty or when household members sleep.
Like Seat Belts and Smoke Detectors
Demand for security and safety features is often driven by consumers' awareness of their exposure. Retail stores have tightened their credit card security as large-scale data breaches were revealed to the public. Both seat belts and smoke detectors are now common features in daily life which became widely available long after the need for them was apparent.
As risks beyond inconvenience are revealed in home automation systems, security features will increase and new security technologies specific to home automation will be developed. There is often resistance: for many years, even Wi-Fi routers with security features such as password-based encryption shipped with the feature disabled by default to avoid user inconvenience. As the exploitation of the resulting "free Internet" grew, manufacturers changed their policies. Until the demand for tight home automation security grows, it will remain up to the installer, integrator, or even the homeowner to ensure that Internet security protections are in place. They will need the expertise to install and configure firewalls or other devices, and to ensure that any flaws in those protections are immediately addressed.
The Future: Security as a Philosophy
Core software used in networked devices as diverse as vacuum cleaners, washing machines, refrigerators and smart televisions will define whether security is handled "at the door" where the home network connects to the Internet, or in every device. If each device's operating system aims to be inherently secure, hackers will have to work harder to gain meaningful access to a home. Only then is home automation secure in a meaningful way.
Devices with a bare minimum of protection will continue to be vulnerable to creative network access techniques including using one device to "attack" another, or employing groups of devices as teams under the control of the hackers, called "botnets," affecting not only home security, but that of the Internet as a whole.