HOMEPOD Cybersecurity procurement and smart home appliances
Every delivering system in the near future is a critical part of the puzzle to sustain and maintain autonomous or ad-hoc developments. Smart homes are already embedded environments with sensors and actuators which make a perfect game for any amateur which wants to learn or a professional which wants to harm. Let’s not forget the curiosity of human beings too.
This vast network of interconnected electronic components, communication devices and people who monitor and control processes, is no more than a management system which moves towards automation and autonomy, self-reliability.
Computer engineers work hard to achieve performance. Cybersecurity threats, whether malicious or unintentional, pose a serious and ongoing challenge for devices and engineers.
We can isolate in containers we can shut ports and we can isolate completely from getting or entering systems, but sometimes, systems need to speak to each other and this is where I personally identity the biggest threat to smart home appliances.
Majority of large-scale system communicate through the IEEE 802.1 protocol which is restricted to networks carrying variable sized packages such as hardwired.
Other systems communicate through radio waves and these range from GSM to LTE and short range devices (SRD) such as LoRa. Other bands are classified such as the the NATO A-O bands.
A variety of steps need to be taken throughout the life cycle of procurement systems to protect them from cyber threats. Embedding cybersecurity in procurement systems for smart home appliances is an important step for protecting these systems from external threats.
Including cybersecurity in the procurement process can ensure that those purchasing and supplying smart home appliances consider cybersecurity starting from the design phase of system development. This further ensures that cybersecurity is implemented throughout the testing, manufacturing, delivery, installation, and support phases of the product life cycle, improving overall reliability and reducing cybersecurity risks. To assist with embedding cybersecurity in the procurement of smart home appliances in future posts I will look how current owners, operators, integrators, and suppliers are integrating security in their home through the procurement process.
How do you know what you buy is secure?
1. Those who speak about it, usually know what is going on or they developed steps to protect. From my point of view the supplier shall provide summary documentation of its secure product development life cycle including the standards, practices (including continuous improvement), and development environment. This will help you understand what needs to be done and how to improve your home security.
2. Being predictive means also being preventive rather than being fixing issues after they occur. As such, the supplier shall provide a Quality Assurance (QA) program and validate that the software and firmware of the product have undergone Quality Control testing to identify and correct potential cybersecurity vulnerabilities which could leak to weaknesses.
3. Being knowledgeable about solving problems brings communities together. As such the supplier shall provide documentation about cyber-security related technical issues to allow customers to develop contingency plans to escape any threats.
What happens if you are experiencing a security breach?
When something bad happens, usually the target is the door or lock, to be unlocked. Even in a software environment, machines have locks such as SHA encryption keys. After an attacked discovers the key, will open the door. Once the door is open it will be easy to control the way you control. We don’t want to go there.
Before a key is being discovered an attacker looks first for vulnerabilities and are usually discovered in software, hardware or firmware and develops means to penetrate the system to discover the key.
How do you know if you are the target?
When machines are being attacked, they work slow and you can experience delays in commands or sometime non-responsive at all.
Check if your system is up to date. If it is, then something else might be happening.
If the problem persists or if you feel this is happening, go to your server room and look at the lights. If you see a lot of activity on the LEDs means something is wrong. Close the main switch in your home and reset it. If the problem persists call your security company and upgrade your server.
Cybersecurity is not a joke and our homes have a lot of personal and sensitive information. Be safe!