Swisscom: Smart Homes & Security Risks
Smart Homes & Security Risks
Gregory Grin - 2015
Swisscom Smart Living
The more we transform our life into a digital life, the more intimate information is potentially available
But, this is not a new situation. This is already the case in a “non-digital” life…
And we take measures to protect ourselves
There is no reason not to do the same in our digital life and while using Smart Home solutions
It looks like there is a Digital Paranoia trend nowadays
Proposed approach while considering Smart Home solutions for your house: A Healthy Digital Paranoia
1. Physical Access
2. Wi-Fi
3. Passwords
4. Cloud vs. local
5. Connectivity within the Smart Home System
6. Interface
7. Systems with preventive measures
8. Firmware
“Please destroy all my smart home system, all my home automation & comfort, as well as all my rainy Saturday afternoons spent configuring it and making it work…”
The so-called “Hammer Invitation”
Consider locking your Ethernet sockets
Secure your Wi-Fi network
1. Don’t keep the default settings (there is a public hacker database of them)
2. Create a long, complex password and do not hide it on a sticker under the router…
3. Don’t use your name, home address or other personal information in the SSID name
4. Enable the highest level of network encryption, and use a Smart Home system that supports it
5. Consider MAC address filtering
6. Potentially reduce the range of your Wi-Fi network
7. Upgrade your router firmware
8. Consider a separate home network for your Smart Home installation
Passwords
§ Don’t keep the default settings of your Smart Home system
§ Create long and complex passwords for your Smart Home devices
§ Don’t use the same password everywhere
§ If you are afraid of forgetting your passwords, use a password management tool
Cloud vs. local
§ Consider a Smart Home system with which you can specify what you want to be on the cloud and what you want to keep local for privacy reasons
§ Local / cloud duplication is also an interesting feature, from a security point of view and beyond
§ How is the communication between the cloud and the Smart Home System handled? HTTPS? With a trusted certificate? With mutual SSL authentication? With an additional level of encryption?
§ Where is the cloud? Is it hosted in a serious place that would resist attacks?
§ Does your system provide a standalone option without internet and cloud?
Connectivity within the Smart Home System
§ How do the sensors communicate with the outside or with a Smart Home Gateway?
§ Is it possible to use a mix of wireless and wired connections?
§ Does the system use standards (KNX, Z-Wave, DECT, …) that enforce a reasonable level of security and encryption?
Interface
§ Does your system require you to change any default password at start?
§ Does it allow and encourage the use of strong passwords (>= 8 characters, upper case, symbols, numbers)?
§ No hard-coded password is used
§ How does the interface react after multiple login attempts with a wrong password (brute-force attack)?
§ How does automatic login work?
§ Is it possible to disable features that are not being used?
§ Is the web interface secured against the bugs listed in the OWASP Top Ten vulnerabilities?
§ Can you modify privacy and security settings?
§ Is there a privacy mode? How does it work?
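One way an interface could enforce the password and brute-force points above, as an added example that is not part of the original slides. The default-password list, the lock thresholds and all names are assumptions made for illustration.

```python
import string
import time

# Constructed sample list; a real product would ship its own factory defaults here.
DEFAULT_PASSWORDS = {"admin", "password", "12345678"}


def password_problems(pw):
    """Return every rule from the slide (>= 8 chars, upper case, symbols, numbers) that pw breaks."""
    problems = []
    if pw.lower() in DEFAULT_PASSWORDS:
        problems.append("default password")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbol")
    return problems


class LoginThrottle:
    """Lock an account after repeated wrong passwords, doubling the lock each further failure."""

    def __init__(self, max_failures=3, base_lock_s=30, clock=time.monotonic):
        self.max_failures, self.base_lock_s, self.clock = max_failures, base_lock_s, clock
        self.failures = {}      # user -> consecutive failed attempts
        self.locked_until = {}  # user -> clock value at which the lock expires

    def allowed(self, user):
        """True if a login attempt may be evaluated for this user right now."""
        return self.clock() >= self.locked_until.get(user, float("-inf"))

    def record(self, user, success):
        """Record an attempt's outcome; return the lock duration in seconds (0 if none)."""
        if success:
            self.failures.pop(user, None)
            self.locked_until.pop(user, None)
            return 0
        n = self.failures.get(user, 0) + 1
        self.failures[user] = n
        if n < self.max_failures:
            return 0
        lock = self.base_lock_s * 2 ** (n - self.max_failures)
        self.locked_until[user] = self.clock() + lock
        return lock
```

The interface would call `allowed()` before checking a password and `record()` afterwards, and would run `password_problems()` when the user is forced to replace the default password at first start.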
System with preventive measures
§ Does your system react to jamming? How?
§ Does your system react to network and Wi-Fi failure? How?
§ Does your system send you notifications when it changes state?
§ How does your system restart and react when there is an outage?
§ Is there a fail-safe mode?
§ How does the system/device react to tampering?
§ Does the system require the user’s approval to enter maintenance mode?
Firmware
§ Is there a simple and secure update process?
§ Are firmware upgrades of the devices signed and encrypted?
§ Can firmware upgrades be controlled by users?
§ How does the system react to unrequested firmware upgrades?
Conclusion
§ Unfortunately, it is difficult for users to secure their Smart Home themselves, as most systems do not provide a secure mode of operation
§ Nonetheless, there is advice to follow that reduces the risk of attacks
Thank you!
Gregory Grin - 2015