Smart home systems must switch to better security, study finds

The security of smart domestic appliances that can be managed remotely must be improved to better protect users’ privacy, research suggests.

Experts have identified steps that manufacturers could take to improve the products’ security, in a market that is forecast to be worth £80bn by 2022.

They have identified flaws in the design of home automation systems, which could enable theft of passwords or other sensitive information, scientists say.

These weaknesses could also allow online attackers to interfere with the use of domestic devices, potentially causing stress and damage to their victims.

Researchers at the University of Edinburgh studied the security of Belkin WeMo, which is among the most popular smart home ecosystems.

The team found vulnerabilities in the design of the smartphone app that is used to control smart appliances, and in the way in which these devices are configured to use home WiFi networks. These weaknesses could enable cyber attackers to obtain users’ WiFi passwords and access to their online activities.

Researchers were also able to connect a fake device, created using computer code, which can appear to the user as a legitimate smart appliance. This has the potential to underpin phishing attacks – in which users are misled into disclosing account details that attackers can use to access other online accounts and private information.

The team have developed ways to help manufacturers remove similar weaknesses from designs and improve security. Their findings will be presented at the 2019 IEEE International Conference on Pervasive Computing and Communications in Kyoto, Japan. The research was funded in part by the UK National Cyber Security Centre.


Dr Paul Patras

Dr Paul Patras, of the University of Edinburgh’s School of Informatics, who took part in the study, said: “Smart home systems and the many benefits they offer are proving popular with consumers. It is important that these are developed with security in mind, and that regulations keep pace with developments in technology and its applications.”

Website | + posts

Founding Editor of The Edinburgh Reporter.
Edinburgh-born multimedia journalist and iPhoneographer.