Smart home adoption has reached a tipping point, but the ecosystem remains woefully insecure due to users’ failure to follow best practices.
That’s the word from a global study from the prpl Foundation, which found that the smart home is quite mainstream, with 83% of respondents confessing to having connected devices, not including laptops, computers and smartphones, in use in their homes. Game consoles, wireless printers and smart TVs were the most popular devices—and yet security concerns have been raised about all three over recent years.
Geographically speaking, reported adoption of smart devices per household was strongest in the continental European nations of France (5.8 devices per household), Italy (5) and Germany (4.5), with the UK (2.6) and US (2.4) around the same level as each other. Japan has an average of just one smart device per home.
“Little research has been done on a large enough scale to uncover the level of penetration of smart devices in the home, and more importantly, the security implications,” said Art Swift, president of the prpl Foundation. “Once it was established how pervasive smart technology in the home is, we also wanted to find out whether consumers are aware of the risks of the connected home and if homeowners would ultimately take responsibility for securing this new cyber-domain, just as they would their physical front doors.”
The equivalent to the front door in the case of the cyber world is the home router. It is the conduit through which all domestic internet traffic passes. But while homeowners traditionally lock their physical front doors, the prpl Foundation study found that many are failing to secure their smart home by securing their routers. Failure to patch vendor updates could open critical vulnerabilities which hackers can take advantage of to eavesdrop on traffic and hijack smart devices.
Over half of respondents (57%) said they updated the router firmware “at least once a year.” But shockingly, 20% of respondents have never done so, and 23% didn’t even know it was possible.
Firewall ports should never be opened, yet users often think they need to be open in order for their internet-connected home services to work. An extraordinary 93% of consumers regularly leave one or more ports open on their router firewall.
Nearly half of respondents (46%) have never configured their router security settings.
The report also took a look at the role of the device-maker. While consumer electronics makers have often acted on the basis that security interferes with usability (i.e., that it’s commercially imprudent to release more secure devices or systems which are slightly less user friendly), the prpl study shows that an overwhelming number of consumers would favor security over ease-of-use.
Users are prepared to take more responsibility for security. Some 60% of respondents said they think the home user should take ownership of securing their connected devices, versus the manufacturer (20%) or service provider (20%). And more than 40% of respondents would generally prefer to pay more for more secure devices.
“As is the case with so many things in life, what users say they would do and what they actually do fail to align, and this has to be down in large part to education,” said Cesare Garlati, chief security strategist for the prpl Foundation. “However, it is heartening to see consumer attitudes shifting somewhat and this is something the IoT industry in general would do well to take note of.”
To be smart about smart home security, the prpl Foundation recommends that users should: Regularly check for router firmware updates; change default passwords on routers; configure firewall policies; enable MAC filtering; use guest networks for guest devices and home devices; disable UPnP; and close all ports on the firewall.
Photo © scyther5