New models of appliances and other consumer electronics for households connect to the internet via home networks. While the data collected is handy for manufacturers, it opens new challenges for the privacy and security of the users and devices. New initiatives, such as project Matter and Zero Trust, PSA Certified, and complying with data privacy regulations can help vendors gain consumer trust.
Until just a few years ago, computing devices, alarm systems, and smart TVs were the only connected devices at home. These devices’ common denominator was that most came from computer and technology companies.
Nowadays, the situation has changed considerably. Appliances such as coffee makers, refrigerators, climate control systems, washing machines, cleaning robots, and other household electric devices have joined the smart home revolution and the internet of things.
The new systems, armed with a trove of new features and convenience for the house residents, are now making it possible to program, monitor, and control their operations from the convenience of a smartphone or tablet, anywhere.
That convenience and flexibility, however, come with the significant challenge of keeping the systems secure and protecting user privacy.
Privacy and security, after cost, are the biggest concerns for people considering connected appliances
Many smart appliances have cameras, audio recorders, and sensors so they can gather and store information about your habits and home.
Without proper safeguards, all the data that different devices and sites have collected about users can be combined, then exploited by marketers or stolen by hackers.
According to research conducted by the Tyndall Centre for Climate Change Research, University of East Anglia, United Kingdom, “Content analysis of smart home technologies (SHT) marketing material (n=62) finds the industry insufficiently emphasizing measures to build consumer confidence on data security and privacy. Policymakers can play an important role in mitigating perceived risks and supporting the energy management potential of a smart-home future.”
Consumers believe that “The market applications of SHTs should guarantee privacy, confidentiality, and secure data storage. SHTs should also be provided by credible companies with resources to provide performance warranties.”
Computer operating systems and smartphone apps are updated regularly to address security threats
Over the past few years, the need for solid security for IoT devices has been one of the main focuses of the electronics industry, consumer organizations, and governments. While there are many approaches to secure the billions of connected devices used in industrial applications, there is no single standard for manufacturers to ensure that their products will be tamper resistant.
To address the new threats and security holes appearing daily, device manufacturers and software companies issue continuous security updates to their systems and applications. While this is true for software companies and manufacturers of laptops, smartphones, tablets, and other computing devices, many other appliances and small electronics connected to the internet rarely or never receive a software update.
Aware of this fact, hackers find it easier to exploit security vulnerabilities on connected appliances than on sophisticated computers and wearables.
That’s why appliance manufacturers are now constantly talking to computer and smartphone vendors. The latter has a better understanding of the security implications of connected devices, and both industries need cooperation between all stakeholders.
Manufacturers need to agree to minimum security requirements for their products
Over the past few years, appliance manufacturers, computer companies, and semiconductor vendors have been busy setting minimum standards for connecting and securing smart home products.
One example is Project Matter. Initially called Connected Home over IP (CHIP), the initiative started in 2019 with companies such as Google, Apple, Samsung, and Amazon. Today, Project Matter has over 250 members, including big appliance manufacturers such as Bosch, Whirlpool, Huawei, Ikea, LG, and security companies such as Infineon, Arm, NXP, G+D, STMicroelectronics, and many others.
Comparable to the TPM standard, which raised the bar for PC security, Matter aims to help smart-home device manufacturers significantly increase their products’ level of security while keeping costs controlled and avoiding needless complexity with easy-to-use hardware-based security.
Additionally, founding members Apple, Google, Samsung, and Amazon agreed to work together towards the interoperability of their smart home products, eliminating the “walled gardens” that delay consumer adoption of those technologies.
There are other cross-industry initiatives, such as PSA Certified and GSMA IoT SAFE. Matter is, however, the most significant step in making smart home technologies easier to connect and secure, helping consumers gain control over their devices and raising confidence in the technology.
People should learn how to secure wireless networks and devices
You can take precautions, but ultimately, the more monitors, cameras, and internet connections in your home, the more risk there is that something will be hacked.
Unfortunately, when there is a new internet connection at home, usually with the ISP’s provided router, most users never change the default wireless keys or the router administration credentials.
Additionally, few people know the router’s advanced security, such as Access Point (AP) isolation --blocking device-to-device communication--; Wireless MAC filter --allowing only registered devices to access the internet--; or DoS protection.
Furthermore, once they activate the connection of their new appliances to the home network, many consumers forget about them and rarely check if there is a software or firmware update for their devices, especially for large appliances.
Using those features can help reduce the risk of someone else accessing the home network and attacking a connected device.
Manufacturers need to be better at informing consumers about privacy and security
As mentioned above, privacy and security are two major concerns for people in the market for appliances and connected devices.
Smart home technology vendors, appliance manufacturers, and the internet industry need to be more proactive in informing consumers about their efforts to safeguard their privacy and the safety of their products.
Consumers are aware that technology companies have been, and will continue to be, hacked to disrupt their operations and steal data about their users and products. The same users are unaware of the efforts manufacturers and vendors are taking to minimize the risks of something happening to them.
Fortunately, legislation such as the European General Data Protection Regulation (GDPR), California’s Consumer Privacy Act (CCPA), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), among others, require strong protection of personal data and immediate disclosure of security breaches.
Clearly, a reactive approach to the security of connected devices is not enough. Security needs to be proactive and designed at the same time as creating or improving a product. And collaboration between the stakeholders, consumer organizations, and government agencies is paramount to creating a safe and confident smart home environment.