The future of home security won’t be protecting against physical intruders, but instead ensuring houses are protected from remote digital attacks, according to researchers at the Fraunhofer Institute.
Smart homes typically contain an array of internet-connected devices to enable remote monitoring and management, however these devices also present a security risk.
Orchestrated attacks using multiple interconnected computers – known as botnets – could result in malicious individuals taking control of everything from heating and air conditioning to locks and roller shutters.
In extreme cases, such an attack could be used to imprison the homeowner, or even murder them. En-masse attacks could also be used to manipulate the price of fuel or other resources by creating an artificial surge in demand.
Concerningly, the researchers believe that at present smart buildings need to be far better protected to secure against such attacks.
Part of the issue is the relative ease with which botnets, which involve the infiltration and use of multiple computers without their owners’ knowledge, can be assembled.
“Our experiments in the laboratory revealed that the typical IT building is not adequately protected against Internet-based attacks. Their network components could be highjacked for use in botnets,” said Dr Steffen Wendzel of the Fraunhofer Institute for Communications, Information Processing and Ergonomics FKIE in Bonn, Germany.
In the past hackers had to indentify individual PCs and slowly build up their botnet, but now can make use of whole IT systems that are often connected using out-of-date router-like systems.
“They are configured quite simply, can only be upgraded with some difficulty, and are loaded with security gaps. The communications protocol that they use is obsolete,” explained Wendzel.
As smart homes grow in popularity and more internet-connected devices reach the mass market, the risk of attacks will increase.
Because of the mix of different suppliers and the somewhat random way that people are likely to connect items in their homes, it is unlikely that many will be able to ensure all their devices are secure from attacks.
“Keeping them up to the latest standards is expensive,” Wendzel said, warning that people should avoid “carelessly linking all building functions in private homes to the Internet”.
Attacks could not only be used to do damage remotely, but to provide information for a robbery. Would-be burglars could invade a smart home’s system to determine the best time to break in undetected, giving them a better chance of theft without being caught.
Such risks will undoubtedly be tackled further as smart homes become more popular, and the researchers are developing a digital security system that would act as a virtual guard, stopping attackers before they can access a building’s system.
However, for now consumers should think carefully before signing up for remotely-accessible home tech, and not just assume that being at home means being safe.
Featured image courtesy of Fraunhofer FKIE.