How to be Smart while staying Safe - Smart Homes and Security
Every week there seems to be another story about security of connected products – whether that’s unprotected cameras being remotely accessed without permission or devices being used in a bot-net to attack online services. Product manufacturers have a responsibility to design products securely which risks being lower down the priority list when there’s focus on hitting launch deadlines.
As Colby Moore, a security research analyst for Synack. “The majority of companies are ignoring the basics. These companies are really pushing to get a product to market to really compete in this Internet of things boom, but they don’t have a security guy on their team, so there is a lot of small stuff being overlooked.”
Smart Home products are expected to grow rapidly over the next few years. In fact, research says that Smart Home revenue will exceed €180 million by 2021.
However, the number one concern that many people face while deciding to adopt this new and fascinating technology is the Privacy and Security risks. Whilst no one can completely guarantee security, smart device manufacturers have to take this threat seriously and mitigate the risks through design and testing. They need to take a pragmatic and realistic approach by testing and reacting as fast as possible if something should happen.
“Ultimately the responsibility falls more on the company than on the customer to make smart home devices secure. Customers are the weakest link and you can’t rely on them to be aware of security. The customer expects a company to make their systems secure; so, a customer never uses a product wrongly; the company just designs a smart home device wrong.” says Philip Steele, CEO and founder of nCube Home
While some of the smart device’s manufacturer are ignoring this issue (such as having default admin access passwords), we at nCube home, take privacy and security seriously. Here are a few things we have done already to mitigate the risks.
- No default username/password
The first step for a secure smart device is not creating a default username/password like many smart cameras manufacturers have failed to do. This is the easiest invitation to a hacker to get into your home network and steal information or use your home devices in a bot-net.
The nCube hub activation is done through 2 security steps. Firstly, you need to enter your activation code that is written at the back of the hub then create your own unique username and password. And secondly you will need to enter the PIN code received by SMS message to confirm your account. For each new account, you create for the other home members, they will also need to enter the PIN code received by SMS message and create their own unique username and passwords. All this needs to be done within the home which means that no one is able to create a username and password outside of your home network.
- Use SMS verification for mobile numbers
As mentioned above, to be able to activate and access the nCube app, the nCube 2 factor authentication design acts as an added layer to the security process.
- Require the user to first use the app/browser whilst in their home connected to their home wifi before remote access is possible
The first time you activate the ncube, the user must user their mobile/tablet/laptop within their home network before being able to remotely access their smart home which makes it even more secure than just a username/password.
We also allow the user to decide which features of their smart home they actually wish to be able to access remotely. For example, they might want to be able to control their lights and thermostats but not necessarily be able to change and delete devices and users remotely.
Finally, remote access goes through our servers securely, meaning we can log and identify any issues with remote access. (the alternative. which things like cheap IP cameras do, is use direct access by exposing a port from the home network).
- Use data encryption on the hub when sharing data with trusted partners
Privacy is one the most important features of nCube and we take it very seriously. Our homes are a more private place than our free social media accounts - to use a British term, our homes are our castles - and therefore nCube is designed to keep user data in the home and if there are reasons for having access to that data (e.g. insurers willing to offer policy discounts) then the homeowner will be able to opt-in to that specific data policy with full knowledge of what that data is being used for.
Unlike most of the apps nowadays, we don’t ask for any user’s data to be shared with us to allow them to use the product.
- Regular software updates
Being able to push software updates onto your IoT device is key to keep up to date with new security vulnerabilities. We publish regular software updates to make sure the products is always up to date against any security threats.
Read more about how to make your smart home more secure