Smart Home Attacks And Data Weaponisation: The New Threat Vectors For 2017 And Beyond

security and privacy data

Intel Security’s Christopher Young issues some stark security warnings at RSA Conference 2017

Smart home attacks

Another potentially significant security issue is the rise of the smart home, driven by the growth of the Internet of Things (IoT) and our continuing obsession with connecting more parts of our homes to the internet.

The IoT is creating a rapidly growing attack surface for hackers to exploit and, for several reasons, is becoming a serious concern for security professionals.

“We know here in this audience that the home has been vulnerable for a long time, but we have to re-orient our efforts around the home for several reasons,” said Young. 

smart home controlled with tablet

“First, it’s increasingly where more of our employees do their work, so if you want to look at where your next corporate vulnerability might lie it’s likely to be in the home of the people who work for you.

“The other reason is that those homes now have more powerful, more connected devices that are increasingly being used to launch larger and more sophisticated attacks against us.”

The rise of this threat poses some interesting questions for security teams, namely how much does the smart home need to be taken into account when designing security architectures and to what extend do you “lock down” employees when they work from home?

“Freedom can create vulnerability,” Young warned, and finding the balance between security and productivity is becoming harder than ever.

Vulnerable devices are now “in the homes of our co-workers” and Young called for “a response across our industry as well as those who make, build and deliver the devices that are being connected in the home” in order to respond to respond to this very modern threat”.

“We have to make sure that the Internet of Things doesn’t become, because we haven’t paid enough attention do it, the Internet of Terrorism. As cyber security professionals, we need to go beyond just policies and deliver technologies for better security in the home,” he said. 

Oh, the irony

The ironic nature of both of these threat vectors is that, as Young explained, “the target has become the weapon”.

Rather than simply stealing information or fiddling with our thermostats, hackers are using data and connected devices as means of attack.

“For many years we’ve been focused, for example, on data exfiltration, someone coming to steal information and taking it from an organisation. Now we have to start to turn our attention to data being manipulated, weaponised and used against us to change the way we make decisions,” said Young. 

“In the home, from compromised devices, to weaponised devices. What we used to have to think about protecting, we now have to be protected against. It’s the strangest irony. And we’ve given the enemy all the scale they could possible want by connecting our homes with smarter, faster, better devices.”

We all thought 2016 was a bad year for cyber threats, but if these warnings are anything to go by, the security industry will have its hands full for a long time to come.

Quiz: The constant battle that is cyber security