What Are Smart Appliances?
There are a wide range of features that appliances can have that a manufacturer might claim for them to be a smart appliance. After all, many devices have computers in them to help manage their energy consumption or adjust actions so that they perform their duties better. My fuzzy logic rice cooker is great at cooking all sorts of rice perfectly but is it a smart appliance? The real definition these days of a smart appliance is one that it is connected to other devices remotely. This can be as simple as a television that can stream video from a service like Netflix to an oven that can be setup with a meal that is refrigerated and then told remotely when to have the meal ready to eat.
Why They Are A Threat?
Essentially, anything that is connected to the internet can pose a risk. As the event at the start of this article pointed out, the smart appliances were used to send out bulk spam. Similarly, they could be setup to do things like a DDoS attack to take out web sites on the internet, be used as remote relays to try and break into other network systems or just be hacked to cause malice to the appliance owner. If the devices did not have any connection with the internet, the threats would be significantly lessened.
Lack of Security Expertise
One of the biggest problems with the rise of smart appliances is the lack of a security focus. Computers have existed for consumers for a long time and have developed a set of security standards. While not all software is necessarily secure, you often can get third party security companies that help maintain the security integrity of your computers. This is where Synmatec, McAfee, Kaspersky, Sophos and Trend Micro to name a few make computer security products to help protect consumers and businesses. Appliances on the other hand are reliant upon the developers of the software working at those companies. This can best be claimed as security through obscurity.
Users are unaware of how their devices are managed or interconnected. They have no ability to put a security product on them to help prevent any sort of attack. In essence, they have to rely on the appliance manufacturer to make a secure product. Since they use a proprietary system, they think that it will be more difficult to hack but . They still needed local access to do this but who is to say as our cars become more connected that this could eventually be done over the internet?
Need to Limit Exposure
The concept is that these appliances need to be connected to the internet to make our lives easier. A refrigerator that can notify us when we are running low on certain groceries, an oven that can be told when to start cooking or just being able to program when a TV program will be recorded by a built in DVR. They are all ideas that are beneficial to some people but they are not critical features. The thing is that many of these things don’t necessarily need to be directly connected to the internet to do these tasks.
For instance, a refrigerator could be setup to monitor the age of various perishable items in it. When they hit an expiration data, it can modify a shopping list to replenish those items. Rather than being designed to order them via the internet, why not just design it to sync up with a mobile phone shopping list application via a near field communication to update the apps list of items to get. It still is a smart appliance as it will sync with a device but is not exposed to the internet.
What Can Be Done About it…With the ubiquity of smart phones, I think that manufacturers should look at more ways to interface their smart appliances through a centralized system. This could be similar to a home automation system that could then be secured more readily by the consumer. After all, a smart automobile could route all its features through a smart phone or tablet connected to wireless internet. The phone security can then be used to hopefully prevent attacks. A central home automation server could do same with home appliances that need to be adjusted remotely. The downside to such a system of course is a single point of failure. That smart phone or automation computer breaking or being breached puts the whole system at risk. The different though is it is easier to secure a single point rather than multiple ones.
So, don’t give up on smart appliances. They can still be quite useful but as a consumer, be mindful of what those capabilities are and how vulnerable you may become through them. Hopefully manufacturers will start considering the smart appliance security implications now that real world threats have been found.