smart homes

Explore the Future of Smart Home Technology with Amazon’s Dream Home

/ bugejajoseph / Leave a comment
Photo by Jessica Lewis Creative on Pexels.com

From Amazon’s Echo to its Ring doorbell, the tech giant has made its way into many of our homes. But do you know what Amazon is learning about you and your family? From its smart gadgets, services, and data collection, Amazon has the potential to build a detailed profile of its users.

The data collected by Amazon can help power an “ambient intelligence” to make our home smarter, but it can also be a surveillance nightmare. Amazon may not “sell” our data to third parties, but it can use it to gain insights into our buying habits and more.

We must all decide how much of our lives we’re comfortable with Big Tech tracking us. Read the story authored by Geoffrey A. Fowler here to explore ways in which Amazon and potentially other Big Tech companies are watching us.

If you want to learn more about cyber security and smart homes, don’t hesitate to get in touch with me! I’m always happy to answer any questions and always look for collaboration opportunities.

The Matter Smart Home Standard

/ bugejajoseph / Leave a comment
Photo by John Tekeridis on Pexels.com

Matter is a royalty-free smart home standard that promotes platform and device interoperability. Built on the Internet Protocol, Matter enables communication across smart home devices and ecosystems over a variety of IP-based networking technologies, such as Thread, Wi-Fi, and Ethernet.

The persistent need for an Internet connection experienced by modern IoT devices is likewise addressed by the Matter smart home standard. Indeed, Matter products run locally and do not rely on an Internet connection, although the standard is designed to readily communicate with the cloud.

Security is a fundamental premise of Matter. Matter functional security includes the following five characteristics:

  • Comprehensive – Matter is an open-source framework designed to provide comprehensive security with a layered approach that includes authentication, attestation, message protection and firmware updates, relying solely on its own security features and not on external communication protocols.
  • Strong – Matter implements a variety of security techniques, including a cryptosuite based on AES, SHA-256, and ECC, as well as passcode-based session and certificate-based establishment protocols. It also adopts device attestation and the CSA Distributed Compliance Ledger to guarantee a compliant and interoperable ecosystem.
  • Easy to use – Matter security is a smart device platform designed to make the implementation and use of smart devices much easier for device makers and consumers alike. It comes with open source reference implementations and well-defined security assets, making it a secure and simple solution for customers.
  • Resilient – Matter security is designed to protect, detect, and recover data, utilizing multiple protocols and measures to prevent denial of service attacks and provide resilience even when sleeping devices are involved.
  • Agile – Matter is a crypto-flexible protocol that abstracts cryptographic primitives, enabling the specification to be quickly changed or upgraded in response to new security threats. The modular design also allows for individual protocols to be replaced without completely overhauling the whole system.

Matter is paving the way for a secure and reliable connected home of the future. With its comprehensive security and ability to operate without an Internet connection, Matter is the ideal choice for modern IoT devices. It is revolutionizing the way home devices communicate, providing a safe and secure environment for the connected home of the future.

Read more here: https://csa-iot.org/wp-content/uploads/2022/03/Matter_Security_and_Privacy_WP_March-2022.pdf and https://csa-iot.org/all-solutions/matter/

Popular smart home brands may be allowing the police to conduct warrantless home surveillance

/ bugejajoseph / Leave a comment

The security cameras in our smart homes from well-known smart home brands like Amazon and Google might not just be watching over our pets. According to an article in The Verge, they can also aid law enforcement in their investigations of crimes, but only if we do not mind the police viewing our footage without a warrant.

That implies that the police can access our private information without first presenting proof that an emergency situation exists. Police will probably only make use of this access for lawful objectives, such as preventing crime or attempting to locate a missing person in need of assistance. However, it does raise some issues regarding what may transpire when this technology becomes even more widely used and available.

What if, for instance, this access is utilized to locate and detain activists or protestors who have not breached any laws? Citizens may only exercise caution when shopping, be aware that their smart device may record personal information, and, if possible, enable end-to-end encryption.

If you have any questions about how to secure your smart home, do not hesitate to contact me.

The Internet of Things and Security

/ bugejajoseph / Leave a comment

The Internet of Things (IoT) is changing the way we live. The IoT is the idea of having devices that are connected to each other and can be controlled via the Internet. Cameras, refrigerators, alarm systems, televisions, and other electronic gadgets are examples of such devices. The IoT has contributed to giving people an improved quality of life.

But how can we put our trust in all of these IoT devices? How can we be sure they will not turn against us? How will we know whether or not the device we are utilizing is safe? All of these questions are key to unlocking growth in the IoT.

IoT devices can be both, physical and virtual in nature. They can have a variety of different functions, from being a simple remote control to being a complex system that monitors the environment, collects data, and sends it back for analysis.

Many people do not realize that their smart home devices may contain security vulnerabilities that hackers could exploit. Hackers can enter a smart home or even switch off the power by exploiting weaknesses in IoT devices such as connected door locks and lighting systems. For instance, over the course of one week, a study by the UK-based consumer group Which? discovered 2,435 malicious attempts to enter into devices with weak default usernames and passwords in a fake “smart home.”

Cybersecurity is a critical responsibility for organizations of all sizes, but manufacturers, in particular, must do more to ensure that IoT devices are secure from hackers and do not endanger consumer lives. Recently, in the UK, the Product Security and Telecommunications Infrastructure (PSTI) Bill was introduced subjecting stricter cybersecurity rules for manufacturers, importers, and distributors of IoT technologies. This new legislation intends to better protect consumers’ IoT devices from hackers, as well as help the IoT market get the trust it needs to reach its full potential. 

If you would like to learn about IoT security and how to safeguard your IoT devices, please get in touch.

Special Issue on Privacy and Trust

/ bugejajoseph / Leave a comment

We are guest editing a Special Issue on Privacy and Trust in IoT-Based Smart Homes and Buildings, and would like to personally invite you to contribute a paper.

For this Special Issue we are looking for high-quality original contributions including, but not limited to, the topical areas listed below:

  • Novel architectures, concepts, and models for trustworthy smart homes and smart buildings;
  • Privacy-enhancing and transparency-enhancing technologies for smart homes and smart buildings;
  • Privacy-by-design mechanisms for smart homes and buildings;
  • Vulnerability discovery and analysis for smart homes and buildings;
  • Threat modeling and risk assessment for smart homes and buildings;
  • Attack and attacker simulation for smart homes and buildings;
  • Trust and identity management for smart homes and buildings;
  • Access control models for smart homes and buildings;
  • Human factors in privacy and security of smart homes and buildings.

Please spread the word!

More info: https://www.mdpi.com/journal/sensors/special_issues/PT_SM

Keeping Your Smart Home Secure

/ bugejajoseph / Leave a comment

Smart homes are increasingly being subjected to attacks. The motives for this range from pranking users, causing chaos, cyberstalking, and more nefarious purposes. In spite of that, there are various strategies that residents can use to keep their home secure from intruders. In my latest article, I identify and discuss five of these strategies.

Check out the full article (in Swedish) by clicking here.

A full transcript in English is available to any interested reader.

Some initiatives to help secure smart home devices

/ bugejajoseph / Leave a comment

Smart home devices make people’s lives more efficient. However, implementing cyber security of smart home devices is just as important as the physical security of our homes. Below are three popular initiatives by governments to help secure consumer IoT, particularly smart home devices.

  • The Department for Digital, Culture, Media, and Sport (DCMS) published a Code of Practice titled “Code of Practice for Consumer IoT Security” to support all parties involved in the development, manufacturing, and retail of consumer IoT. Essentially DCMS guidelines are proposed to ensure that IoT products are secure-by-design and to make it easier for people to stay secure in a digital world.
  • The Federal Trade Commission (FTC) proposed in a detailed report on the IoT concrete steps that businesses can take to enhance and protect consumers’ privacy and security. Additionally, it introduced further guidance for companies to implement “reasonable security” in order to actively enhance and protect consumers’ IoT privacy and security.
  • The European Union Agency for Cybersecurity (ENISA) in their publication titled “Security and Resilience of Smart Home Environments” present examples of actions for users to perform in order to: choose a smart home device securely, operate a smart home device securely, and use online services for smart home securely.  ENISA later introduced good practices guidelines for securing IoT products and services throughout their lifetime.

There are a number of measures and practices identified by the three bodies above that apply to different IoT stakeholders. The stakeholders can range from device manufacturers to service providers to mobile application developers, and more. One core recommendation that applies, especially to the device manufacturers, is that of having no default passwords. The recommendation of changing the device’s password, and potentially have a unique password for every device, is something that I emphasize.

In case you want to know more about how to secure your smart home or are simply curious about IoT security and privacy, you are welcome to get in touch.

Initiatives being brewed by governments to strengthen the IoT privacy and security

/ bugejajoseph / Leave a comment

Last week, I have been asked by several news reporters what can be done to have more secure and privacy-preserving smart home technologies. In this post, I focus on some of the more recent and upcoming regulations and initiatives that are affecting, and likely to affect it more in the future, the IoT world. Purposely, I exclude the EU GDPR  and its US counterpart the CCPA, as I will talk about those in a separate post.

  • The EU ePrivacy Regulation. This  EU regulation aims to ensure privacy in all electronic communications – including instant messaging apps and VoIP platforms, and machine-to-machine communications such as the IoT. Also, it carries an identical penalty regime for non-compliance as the GDPR.
  • The EU Cybersecurity Act. This establishes an EU-wide cybersecurity certification framework for digital products, services, and processes. This includes the IoT, cloud infrastructure and services, threat intelligence in the financial sector, electronic health records in healthcare, and qualified trust services.
  • The IoT Cybersecurity Improvement Act of 2020. This new US law establishes minimum security requirements for IoT devices owned or controlled by the federal government. Specifically, it requires any IoT devices purchased by the federal government to comply with the NIST standards and guidelines.

In the future, I will talk about some of the standards and best practice frameworks that can help organizations develop secure and privacy-preserving IoT technologies. Also, I will suggest some guidelines that consumers can adopt to secure their home devices.

Is Your Home Becoming A Spy?

/ bugejajoseph / 1 Comment

On 9th October, I had the opportunity to present my paper at the IoT 2020 conference. I talked about smart connected homes to conference attendees participating in the security track. The presentation was pre-recorded and played to an online audience over Zoom.  It was in the format of a 12 mins presentation followed by 8 mins QA.

My presentation slot at IoT 2020.

The theme that I covered was about covert surveillance facilitated through commercial smart home systems retrofitted in homes around the globe.  In the study, we organized 81 systems by their data-collection capabilities with the intention of better understanding their privacy implications. Also, we identified research directions and suggested ways that allow users more control, transparency, and ethical uses over their personal data.

You can take a look at the presentation slides here. Also, please free to email me in case you need more information about my work.

My Final Seminar

/ bugejajoseph / Leave a comment

On September 18, I had the opportunity to present my PhD work to my fellow colleagues at Malmö University.  I had a 25 minutes slot, over Zoom, where essentially I summarized my research topic and presented my main contributions to the scholarly and industry community.

The discussion was led by Assoc. Prof. Martin Boldt from Blekinge Institute of Technology.  We had a very detailed and insightful 90 minutes conversation about smart homes, IoT, security and privacy.  After the meeting, I also received detailed written feedback about my work.

Some interesting points raised during our exchange are how homes are evolving and becoming more interconnected to different networks and services (whether it is the entertainment providers, healthcare providers, smart grids, and more).  With this evolution, the role and function of our home but as well our expectations of privacy are changing.  What if our intimate data gets in the hands of criminals? What if companies providing our services get hacked? What if our home technology is covertly spying on our children? These are some of the topics we talked about.

You can take a look at a redacted version of my presentation here.  A full version of the presentation will be uploaded in due time.