Smart Home Cybersecurity
3Q 2016
|
Technology Analysis Report
|
AN-2313
|
26 pages
|
4 tables
|
2 charts
|
3 figures
|
In the smart home market segment, security should be implemented at the very start of the development process rather than as a secondary add-on solution. Due to the exponential increase of smart home products, however, the majority of vendors disregard such issues and are then faced with terrible cybersecurity holes which they desperately attempt to fix. This report will delve into cybersecurity issues, vulnerabilities, and threats for the constantly-shifting smart home market segment. It contains market data and forecasting for the smart home (e.g. smart locks, security cameras) as well for communication protocols (e.g. ZigBee, Z-Wave) and proceeds to investigate current and emerging security issues in various attack vectors: from the actual connected devices inside a residence, to API design vulnerabilities, firmware, eavesdropping on consumer devices, close-range attacks, and network hijacking among others. The report includes an additional section focused on solutions and security guidelines for smart home vendors and integrators as well as sections dedicated to newfound flaws in popular communication protocol architecture. Further insights are included regarding unsurfaced, unrecorded attack vectors that might pose a threat in future developments.
Table of Contents
- 1. DELVING INTO THE SMART HOME MARKET
- 1.1. Definitions and segmentation
- 1.2. Research methodology and main assumptions
- 1.3. The state of security
- 1.4. AN INSECURE STAGE FOR HOME AUTOMATION
- 1.5. NEW THREAT VECTORS: USN AND PERVASIVE SENSING
- 1.6. CHALLENGES AHEAD
- 2. CYBER DANGERS LOOMING OVER THE SMART HOME
- 2.1. RISKY POTENTIAL FOR THIRD-PARTY DEVELOPER APPS
- 2.2. PIN EAVESDROPPING AND INSTALLING "BACK-DOORS" ON DOORS
- 2.3. GAINING ENTRY TO SMART HOME NETWORK VIA THE FRONT DOOR
- 2.4. LEVERAGING ZIGBEE LIGHT LINK'S VULNERABILITIES TO GAIN ACCESS TO SMART HOME NODES
- 2.5. EXPLOITING ZERO-DAYS IN AN EMERGING SEGMENT
- 2.6. RANSOMWARE AND THE FLIP SIDE OF BITCOIN
- 2.7. API AND CODE INJECTION
- 2.8. SMART HOME MALWARE - A CHANCE FOR ANTIVIRUS FIRMS TO INCREASE THEIR REACH
- 2.9. OTHER ATTACK VECTORS
- 3. BUILDING TOWARD SECURE SUSTAINABLE HOME AUTOMATION
- 3.1. COMMUNICATION PROTOCOLS - MARKET OUTLOOK
- 3.2. Z-WAVE, ZIGBEE, WI-FI, AND BLUETOOTH
- 3.3. UPDATED VERSIONS ENTER THE FRAY, BUT CERTAIN SECURITY ISSUES REMAIN
- 3.4. GUIDELINES FOR VENDORS
- 4. SUMMARY AND FUTURE OUTLOOK
