Will Hackers Outsmart the Smart Home? Why Security Needs to Happen at the Design Level

Connected Devices Riddled with Insecurities, Badly-Coded APIs, and Poor Encryption

Oyster Bay, New York - 15 Sep 2016

The advent of home automation and rapid rise of smart home connected devices is seeing some vendors and new startups scramble to become a part of the movement, with ABI Research forecasting 360 million smart home device shipments by 2020. But many companies are leaving major security flaws in the wake of their hurried attempts to penetrate the market, producing products riddled with bugs and unpatched vulnerabilities. Ignoring cybersecurity at the design level provides a wide open door for malicious threat actors to exploit smart home products.

“We see an alarming increase in ransomware in smart TVs and IP cameras, code injection attacks, evidence of zero-day threats, and password eavesdropping for smart locks and connected devices,” says Dimitrios Pavlakis, Industry Analyst at ABI Research. “The current state of security in the smart home ecosystem is woefully inadequate. Smart home device vendors need to start implementing cybersecurity mechanisms at the design stage of their products.”

Numerous attack vectors have been identified in popular smart home communication protocols, such as ZigBee, Z-Wave, and Wi-Fi. Many companies are creating and selling easy-to-tamper smart locking systems, easy-to-hack sensor systems, and products that host a plethora of software vulnerabilities. This could allow home invaders to determine when residents are out and enable them to break in more easily; cybercriminals to carry out Distributed Denial of Service (DDoS) attacks and force appliances offline in exchange for ransom; and malicious actors to steal data, and possibly even personal information, and resell them online.

Despite the bleak outlook, some smart home vendors are starting to take cybersecurity seriously. A small number of vendors, including Amazon, Apple, Google, Samsung, and Philips, now include security within the project design phase, which primarily means securing the network, making use of encryption key management, and placing limitations on communication protocols.

“OEMs need to first think about security at the design stage and conduct risk assessments,” concludes Pavlakis. “The next step is to ensure that proper security testing happens before the product goes to market. OEMs then need to offer continuous security support over the course of the product’s lifespan. Without these basic measures, the eventual financial and reputational costs to OEMs will be high in the wake of malicious hacking of smart home products.” 

These findings are from ABI Research’s Smart Home Cybersecurity. This report is part of the company’s Digital Security and IoT, IoE & M2M sectors, which include research, data, and analyst insights.

About ABI Research

ABI Research provides actionable research and strategic guidance to technology leaders, innovators, and decision makers around the world. Our research focuses on the transformative technologies that are dramatically reshaping industries, economies, and workforces today. ABI Research's global team of analysts publish groundbreaking studies often years ahead of other technology advisory firms, empowering our clients to stay ahead of their markets and their competitors.

ABI Research提供开创性的研究和战略指导,帮助客户了解日新月异的技术。 自1990年以来,我们已与全球数百个领先的技术品牌,尖端公司,具有远见的政府机构以及创新的贸易团体建立了合作关系。 我们帮助客户创造真实的业务成果。

For more information about ABI Research's services, contact us at +1.516.624.2500 in the Americas, +44.203.326.0140 in Europe, +65.6592.0290 in Asia-Pacific or visit www.abiresearch.com.

Contact ABI Research

Media: Interview an Analyst

Media Contacts

Americas: +1.516.624.2542
Europe: +44.(0).203.326.0142
Asia: +65 6950.5670