Researchers continue to find security flaws in smart home hub IoT devices, which are part of an immature security infrastructure. One researcher suggests AI can help address the vulnerabilities.
A cybersecurity team from ESET, an internet security company based in Slovakia, found bugs in three different hubs dangerous enough to trigger remote code execution, data leaks and Man-in-the-Middle attacks, according to a recent account from ZDNet. The hubs were: the Fibaro Home Center Lite, eQ-3’s Homematic Central Control Unit (CCU2) and ElkoEP’s eLAN-RF-003.
The issues were reported to the vendors, and ESET did some follow-up evaluation later. “Some of the issues appear to have been left unresolved, at least on older generations of devices,” ESET stated in its report. “Even if newer, more secure generations are available, though, the older ones are still in operation […] With little incentive for users of older-but-functional devices to upgrade them, they [users] need to be cautious, as they could still be exposed.”
The smart home hub vulnerabilities exist in devices that are poised for dramatic growth. According to IDC, the global market for smart home devices is expecting 26.9% growth in 2019, amounting to 832.7 million shipments. Growth of 17% is expected through 2023.
Revenue generated by the smart home market was estimated to be some $74 billion in 2019, with the US leading at $25 billion in sales projected for 2020, according to Statista. US penetration of smart homes is projected to grow from 18.5% in 2020 to 52% by 2023, the researchers estimate.
This growth means homes will be equipped with enough connected devices to rival the number of connections in a mid-sized company. Updates, passwords and settings will have to be managed, without the support of an IT security team or enterprise-level security tools, suggested a recent account from the IoT Security Foundation.
“This is where artificial intelligence and machine learning can come to the rescue,” the report states. “As is the case in many industries and niches, machine learning is complementing human effort and making up for the lack of human resources.”
AI Looks for Patterns in Device Communication to Flag Unusual Activity
AI is particularly adept at finding and establishing patterns when it is fed huge amounts of data, which IoT devices supply in abundance.
For example, a network traffic monitoring system can be applied to interactions between devices to find attacks that might have gotten past the outer perimeter. Although the IoT is heavy with machine-to-machine (M2M) traffic, each device's functionality and interactions are limited, so devices engaging in abnormal exchanges can be singled out. They may be compromised.
The common denominator of AI-based endpoint solutions that can outsmart malware is that they are very lightweight and use pattern-based approaches to deal with threats.
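The lightweight, pattern-based monitoring of M2M traffic described above can be sketched as follows. This is an added example, not code from any product or report cited here: a simple per-device statistical baseline stands in for a trained model, and the device names, ports, byte counts and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (source device, destination, dest port, bytes).
BASELINE_FLOWS = [
    ("thermostat", "hub", 8883, 410), ("thermostat", "hub", 8883, 395),
    ("thermostat", "hub", 8883, 402), ("thermostat", "hub", 8883, 388),
    ("door-lock", "hub", 8883, 120), ("door-lock", "hub", 8883, 118),
    ("door-lock", "hub", 8883, 125), ("door-lock", "hub", 8883, 122),
]
LIVE_FLOWS = [
    ("thermostat", "hub", 8883, 405),      # normal telemetry
    ("door-lock", "hub", 8883, 9800),      # known peer, unusual volume
    ("thermostat", "door-lock", 23, 60),   # device pair never seen before
    ("camera", "hub", 8883, 300),          # device with no baseline at all
]

def learn_baseline(flows):
    """Map each device to its known (peer, port) pairs and byte statistics."""
    sizes = defaultdict(list)
    for src, dst, port, nbytes in flows:
        sizes[(src, dst, port)].append(nbytes)
    profile = defaultdict(dict)
    for (src, dst, port), values in sizes.items():
        profile[src][(dst, port)] = (mean(values), pstdev(values))
    return profile

def score_flow(profile, flow, z_limit=4.0, min_sigma=5.0):
    """Return a reason string when the flow departs from baseline, else None."""
    src, dst, port, nbytes = flow
    if src not in profile:
        return "unknown-device"
    stats = profile[src].get((dst, port))
    if stats is None:
        return "new-peer-or-port"
    mu, sigma = stats
    # Floor sigma so a very regular device does not alert on tiny jitter.
    if abs(nbytes - mu) / max(sigma, min_sigma) > z_limit:
        return "volume-anomaly"
    return None

def detect(baseline_flows, live_flows):
    """Learn from baseline traffic, then return (flow, reason) for each anomaly."""
    profile = learn_baseline(baseline_flows)
    return [(f, r) for f in live_flows if (r := score_flow(profile, f))]

if __name__ == "__main__":
    for flow, reason in detect(BASELINE_FLOWS, LIVE_FLOWS):
        print(reason, flow)
```

Because each device talks to so few peers, the baseline stays small enough to keep on a hub or home router, and a flagged flow is a prompt to investigate rather than proof of compromise.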
Researchers with consultancy Black Marble last year reported finding three vulnerabilities in two smart hubs made by Zipato of Zagreb, Croatia, according to an account in Bank Info Security. The researchers tried to see if they could unlock a door remotely without prior access, and take data off a single controller that could be leveraged to open other doors. They also searched for vulnerabilities that might allow for unlocking a door on the same network as the controller.
The researchers accomplished two of the three tasks and reported the third was very likely possible given enough time. The researchers reported the results to the vendor, which was reported to have addressed the software issues in a timely manner.
Zipato says it has 112,000 devices in 20,000 households across 89 countries; the company is not sure how many serve as smart home hubs.
Hackers Look for Data of Value Wherever They Can Find It
Hackers target smart home hubs for the potential to retrieve passwords and other data they can use for further exploits.
“All of these smart devices are really networked computers in addition to what they traditionally are: refrigerators, light bulbs, televisions, cat litter boxes, dog feeders, cameras, garage door openers, door locks,” stated Professor Ralph Russo, Director of Information Technology Programs at Tulane University, in an account from Safety. “Many of these continually collect data from embedded sensors. Malicious actors could gain access to your home network through your device if they can exploit an IoT device vulnerability.”