Cyber Attack Underscores Smart Home Vulnerability

The cyber attack on cloud-based Internet performance management company, Dyn, on Friday, October 21, has amplified concerns over the security of smart home products.

The distributed denial of service (DDoS) attack severely limited East Coast access to a number of websites including Twitter, PayPal and Amazon, and is said to have relied on a number of smart home devices including security cameras, baby monitors and routers.

Vendors told HOMEWORLD BUSINESS® that security remains a hurdle for consumer adoption of smart home products, and the widespread cyber attack was yet another reminder of the segment’s current vulnerability.

The attack also raised the voices of a number of security analysts already wary of the trouble unregulated smart home products could cause. The New York Times reported that, according to security researchers, the assault was only a glimpse of how smart home devices could be used for online attacks.

Thomas Worley, co-founder and CEO of Dado Labs, told HomeWorld Business that there are two styles of smart home design and one works on open source operating systems. “Those are pretty risky just from a standpoint that a lot of them are coming out of China and going through the development process and learning as they go. The breach that happened was due to products with a lot of ports being left open and the device not being secured or encrypted. They can easily take DDoS attacks,” he said.

However, he added that while some smart home products can definitely create entry points for malware, there are standards in the U.S. that protect against most of these attacks when properly implemented. “It’s about the brands doing their homework, the brands understanding their security and picking a platform that has the right industry level standards for security,” he said.

The issue of federal regulation in the U.S. is still being raised. The New York Times reported that it is still unclear what government agency could be responsible for cyber security in the U.S. as the network is not owned by the government, but the Federal Bureau of Investigation and Homeland Security are currently looking into the incident and its potential causes.