Smart technologies have rapidly increased the convenience of otherwise menial tasks, and people are demanding that the same be done within their homes. A “smart home” is one that includes some form of automated processes, and perhaps the most basic example of such is a home that includes an Amazon Echo. According to the National Association of Home Builders, two-thirds of consumers say they want a smart home (1), and a McKinsey report found that the number of homes with smart technologies has been increasing 31% YoY (2). As devices become smaller and cheaper, and as large companies invest in the integration of home technologies, there will likely be an increase in the number of consumers with multiple connected devices within their homes (1). Establishing proper smart home infrastructure allows one to control multiple devices from a centralized location/device. Further, smart technologies can increase a home’s security, energy efficiency, and resale value (3). Of course, the advantages of a smart home vary by how many devices are connected to the smart home’s system; however, each device connected to a home’s system also poses additional risk. Given that diverse Internet of Things (IoT) devices with little to no intrinsic security measures are being sold to broadening consumer markets, buyers should understand what risks are associated with investing in smart home technologies.

It is worth noting that smart homes differ in product composition as well as configuration. Some companies (ex. Central Control) professionally install their own devices, which can be controlled from a central location, though this limits a user’s selection of integrable devices (4). The other major form of smart homes is app-based smart homes, which utilize IoT technologies to connect individual devices to a home’s network – often achieved through Wi-Fi or Bluetooth (4). Currently, the latter form of smart homes is cheaper and, thus, more accessible to the average consumer. 

Additionally, the safety of smart home devices varies by type of device as well as manufacturer. For example, security devices (alarms, camera systems) which communicate via Wi-Fi can be hacked by third parties and, thus, one’s security can be instantly compromised (5). Unfortunately, even non-security devices can lead to security issues; a smart thermostat can more efficiently cool a home, but it can also be hacked to reveal in which hours a homeowner typically leaves for work. Such devices can be accessed by hacking a device’s manufacturer, as was the case for Orvibo – a Chinese producer of smart home products. Orvibo’s user database was hacked by security researchers, and the hackers were able to not only reset users’ emails and passwords but gain access to homes’ smart locks and security cameras as well (6). Regardless of the product or its manufacturer, however, one’s devices can also be accessed through a network attack; upon hacking a home’s wireless internet system, a hacker managed to terrorize a Wisconsin couple by playing vulgar music and speaking to them through their Google Nest camera (7). 

As smart home products become more accessible and common, it is important to strengthen security measures for consumers. To do so, homeowners can potentially invest in middleware architectures to operate between the low-level layer of IoT devices and the high-level application layer, but smart home IoT devices often do not have the memory nor computational power to host the necessary cryptographic routines necessary for this solution (8). One could implement cloud architectures and connect each individual IoT device to the cloud, but doing so also requires always-on network connectivity and leaves devices exposed to network attacks (8). The best solution is perhaps the implementation of gateway architectures which can sit between local IoT infrastructures and the cloud – providing a firewall and proxy support to IoT devices. Utilizing a gateway creates minimal exposure to network attacks and works in the event of lost internet connection (8). Alternatively, at the cost of slightly slower process speed and higher energy consumption, blockchain technology can be used to increase a smart home’s security (9).

Investing in network-level security can heighten a home’s security as well (10). One such solution is to implement external entities capable of configuring control over a home’s network without being directly on the home’s data path, effectively serving as a connection between the home network and internet service provider (10). One can also prevent leaking network rate information through traffic shaping by independent link padding – matching traffic rates with a predetermined rate or schedule, thus not exposing real-time information about device behavior (11). Despite common belief, empirical evidence shows shaped traffic rates result in low bandwidth overheads and tolerable network latencies (11). Additionally, smart devices can be mostly secured using typical and well-practiced methods such as setting an internet router to the WPA2 standard, changing the default password on purchased devices, regularly updating devices, buying quality brands, using different passwords for each product, and preparing for internet/power outages as well as the discontinuance of the company from which a product was purchased (12, 13, 14).

Further, privacy issues are compounded among connected devices. Large tech companies claim that utilizing de-identification and on-device processing techniques help disassociate the data from the consumer (15). At the same time, Amazon and Google already have patent applications to listen to people’s conversations for clues of products the consumer would be interested in – enabling a future of ambient marketing (16). Consumers should understand that purchasing smart home products from companies often entails some degree of privacy invasion – whether their data is aggregated or not. To minimize security and privacy issues, it may help to strategically choose which smart devices are installed in one’s home. In fact, according to the chief scientist at security company McAfee, Raj Samani, one can increase a home’s security by simply questioning whether a given device is needed (12). Doing so could also decrease excessive and pervasive phone notifications in homes with many smart devices (17).

Lastly, while the concern of third-party interference is of course valid, another less-discussed security issue is misuse by consumers, themselves. In fact, there have been several reports of domestic abuse cases in which partners repeatedly change a home’s locks or ring the doorbell (18). In other cases, people have blasted music or turned off a home’s air conditioning to attack their partners (18). While these cases have historically been reported as domestic abuse, these issues, as well as the aforementioned issues of security and privacy, should be mitigated through regulations. Unfortunately, due to the smart home industry’s infancy, there exists little legal precedence, enacted regulations, or centralized regulating body for these cases (1).

Given these concerns, consumers with smart home devices should research how to improve their smart home’s security. Based on the above analysis, the most effective way to do so is likely at the network level or between devices and one’s network. Further, it is likely best for consumers to prioritize efficiency-focused smart devices before convenience-focused smart devices. Installing smart plugs, lights, and thermostats can reduce a user’s energy usage and, in turn, energy bills. Convenience devices such as smart speakers provide a futuristic charm, but their inclusion of mics creates additional privacy concerns that could otherwise be avoided. While smart speakers have largely driven consumer interest in smart homes, it may be more appropriate to promote efficiency-focused smart devices rather than those focused on convenience until developed countries can better regulate smart home technology markets.

Works Cited

1. National Association of Home Builders. (2020). Smart Home Technology. Nahb.org. Retrieved 21 May 2020, from https://www.nahb.org/Advocacy/Legal-Issues/Smart-Home-Technology

2. McKinsey & Company. (2020). There’s No Place Like [A Connected] Home. Mckinsey.com. Retrieved 21 May 2020, from https://www.mckinsey.com/spContent/connected_homes/index.html

3. Vaniukov, S. (2020, May 20). Powerful and New IoT Applications in Real Estate for 2020. IoT For All. Retrieved 21 May 2020, from https://www.iotforall.com/powerful-and-new-iot-applications-in-real-estate-for-2020/

4. OTELCO. (2020). A Thorough Guide to Home Automation and Smart Home Technology. otelco.com. Retrieved 21 May 2020, from https://www.otelco.com/resources/smart-home-guide/#home-automation-8

5. Forbes Technology Council. (2018, Jan 23). 13 Factors To Consider With Smart Home Products. Forbes. Retrieved 21 May 2020, from https://www.forbes.com/sites/forbestechcouncil/2018/01/23/13-factors-to-consider-with-smart-home-products/#157f7e03306a

6. Winder, D. (2019, Jun 2). Confirmed: 2 Billion Records Exposed In Massive Smart Home Device Breach. Forbes. Retrieved 21 May 2020, from https://www.forbes.com/sites/daveywinder/2019/07/02/confirmed-2-billion-records-exposed-in-massive-smart-home-device-breach/#19106cc2411c

7. Peterson, H. (2019, Sep 25). Wisconsin couple describe the chilling moment that a hacker cranked up their heat and started talking to them through a Google Nest camera in their kitchen. Business Insider. Retrieved 24 May 2020, from https://www.businessinsider.com/hacker-breaks-into-smart-home-google-nest-devices-terrorizes-couple-2019-9

8. Lin, H., & Bergmann, N. W. (2016). IoT privacy and security challenges for smart home environments. Information, 7(3), 44.

9. Dorri, A., Kanhere, S. S., Jurdak, R., & Gauravaram, P. (2017, March). Blockchain for IoT security and privacy: The case study of a smart home. In 2017 IEEE international conference on pervasive computing and communications workshops (PerCom workshops) (pp. 618-623). IEEE.

10. Sivaraman, V., Gharakheili, H. H., Vishwanath, A., Boreli, R., & Mehani, O. (2015, Oct). Network-level security and privacy control for smart-home IoT devices. In 2015 IEEE 11th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob) (pp. 163-167). IEEE.

11. Apthorpe, N., Reisman, D., Sundaresan, S., Narayanan, A., & Feamster, N. (2017). Spying on the smart home: Privacy attacks and defenses on encrypted iot traffic. arXiv preprint arXiv:1708.05044.

12. Twentyman, J. (2018, Oct 17). How security experts manage their own ‘smart’ homes. Financial Times. Retrieved 21 May 2020, from https://www.ft.com/content/7cc695dc-aba0-11e8-8253-48106866cd8a

13. Morrissey, J. (2019, Jan 22). In the Rush to Join the Smart Home Crowd, Buyers Should Beware. New York Times. Retrieved 21 May 2020, from https://www.nytimes.com/2019/01/22/business/smart-home-buyers-security-risks.html

14. Duffy, T. (2018, Dec). Security and Privacy in the Connected Home. Center for Internet Security. Retrieved 21 May 2020, from https://www.cisecurity.org/newsletter/security-and-privacy-in-the-connected-home/

15. McGee, P. (2020, Jan 9). The best of CES 2020: the smart home gets a lot smarter. Financial Times. Retrieved 21 May 2020, from https://www.ft.com/content/c559321a-32d0-11ea-a329-0bcf87a328f2

16. Margolis, J. (2018, Apr 25). Smart homes are a dystopian nightmare. Financial Times. Retrieved 21 May 2020, from https://www.ft.com/content/bf3ba564-4715-11e8-8c77-ff51caedcde6

17. Bunker, B. (2020, Apr 29). Council Post: The House That Cried Wolf: Why Smart Homes Need To Be Smarter. Forbes. Retrieved 21 May 2020, from https://www.forbes.com/sites/forbestechcouncil/2020/04/29/the-house-that-cried-wolf-why-smart-homes-need-to-be-smarter/#5463976023e3

18. Bowles, N. (2018, Jun 23). Thermostats, Locks and Lights: Digital Tools of Domestic Abuse. New York Times. Retrieved 21 May 2020, from https://www.nytimes.com/2018/06/23/technology/smart-home-devices-domestic-abuse.html