Security within smart home devices is “woefully inadequate”, a new report has claimed, as manufacturers rush to release products at the cost of safety.
ABI Research said many products are hitting the market with “major security flaws [and]…riddled with bugs and unpatched vulnerabilities”.
Protocols such as Wi-Fi, ZigBee and Z-Wave have been identified as particularly easy to hack, making the likes of smart locks and sensors at risk of break-ins, distributed denial of service attacks, ransomware and data theft.
Dimitrios Pavlakis, Industry Analyst at ABI Research, said: “We see an alarming increase in ransomware in smart TVs and IP cameras, code injection attacks, evidence of zero-day threats, and password eavesdropping for smart locks and connected devices. The current state of security in the smart home ecosystem is woefully inadequate. Smart home device vendors need to start implementing cybersecurity mechanisms at the design stage of their products.”
However, Pavlakis noted that vendors such as Amazon, Apple, Google, Samsung, and Philips are taking security more seriously by building security into devices at the product design phase, using encryption key management and adding limitations to communication protocols.
This week Deutsche Telekom said its Qivicon smart home platform would be integrated with Amazon’s Alexa smart speakers.
Earlier this month, O2 launched its smart home offering, comprising thermostats, smart plugs and presence sensors.
He added: “OEMs need to first think about security at the design stage and conduct risk assessments. The next step is to ensure that proper security testing happens before the product goes to market. OEMs then need to offer continuous security support over the course of the product’s lifespan. Without these basic measures, the eventual financial and reputational costs to OEMs will be high in the wake of malicious hacking of smart home products.”