ineltec Forum, Messe Basel,
10 September 2015, 10:00 - 11:45
Network technology
Smart Living - Impact on communication and infrastructure
An event by asut, the Swiss Telecommunications Association
Further information about the event is available at the following link:
http://www.ieu.ch/ineltec-event-reports-2015/index.php?id=57
8. There is no reason not to do the same in our digital life and while using Smart Home solutions
9. It looks like there is a Digital Paranoia trend nowadays
10. Proposed approach while considering Smart Home solutions for
your house: A Healthy Digital Paranoia
11. 1. Physical Access
2. Wi-Fi
3. Passwords
4. Cloud vs. local
5. Connectivity within the Smart Home System
6. Interface
7. Systems with preventive measures
8. Firmware
12. “Please destroy all my smart home system, all my home automation & comfort, as well as all my rainy Saturday afternoons spent at configuring it and making it work…”
The so-called “Hammer Invitation”
14. Secure your Wi-Fi network
1. Don’t stay with the default settings (there is a public hacker database of them)
2. Create a long, complex password and do not hide it on a sticker under the router…
3. Don’t use your name, home address or other personal information
in the SSID name
4. Enable the highest level of network encryption, and use a Smart
Home system that supports it
5. Consider MAC address filtering
6. Potentially reduce the range of your Wi-Fi network
7. Upgrade your router firmware
8. Consider a separate home network for your smart home installation
15. Passwords
§ Don’t stay with the default settings of your Smart
Home system
§ Create long and complex passwords for your Smart
Home devices
§ Don’t use the same password everywhere
§ If you are afraid of forgetting your passwords, use a password management tool
16. Cloud vs. local
§ Consider a Smart Home system with which you can specify what
you want to be on the cloud and what you want to keep local for
privacy reasons
§ Local / cloud duplication is also an interesting feature, from a security point of view but not only
§ How is the communication between the cloud and the Smart Home System handled? HTTPS? With a trusted certificate? With mutual SSL authentication? With an additional level of encryption?
§ Where is the cloud? Is it hosted somewhere serious that would withstand attacks?
§ Does your system provide
a standalone option without
internet and cloud?
17. Connectivity within the Smart Home System
§ How do the sensors communicate with the outside or with a Smart Home Gateway?
§ Is it possible to use a mix of wireless and wired connections?
§ Does the system use standards (KNX, Z-Wave, DECT,…) that enforce a reasonable level of security and encryption?
18. Interface
§ Does your system require you to change any default password at start?
§ Does it allow and encourage the use of strong passwords (>=8 characters, upper case, symbols, numbers)?
§ No hard-coded password is used
§ How does the interface react after multiple login attempts with a wrong password (brute-force attack)?
§ How does automatic login work?
§ Is it possible to disable features that are not being used?
§ Is the web interface secured against the vulnerabilities listed in the OWASP Top Ten?
§ Can you modify privacy and security
settings?
§ Is there a privacy mode? How does it work?
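Added example, not part of the original slides: a Python sketch of a gateway login that answers the first questions of the Interface slide (forced change of the default password, the >=8 characters / upper case / symbols / numbers rule, lockout after repeated wrong passwords). The class GatewayLogin, the default password "admin" and the lockout thresholds are hypothetical values chosen for illustration.

```python
import hashlib, hmac, os, string, time

DEFAULT_PASSWORD = "admin"   # constructed factory default (assumption)
MAX_FAILURES = 5             # assumed threshold before lockout
BASE_LOCK_SECONDS = 30       # assumed; doubles with each further failure

def policy_violations(password):
    """Rules from the slide: >=8 characters, upper case, symbols, numbers."""
    checks = [
        (len(password) >= 8, "shorter than 8 characters"),
        (any(c.isupper() for c in password), "no upper-case letter"),
        (any(c.isdigit() for c in password), "no number"),
        (any(c in string.punctuation for c in password), "no symbol"),
        (password != DEFAULT_PASSWORD, "same as factory default"),
    ]
    return [msg for ok, msg in checks if not ok]

class GatewayLogin:
    """Hypothetical gateway account, not taken from any real product."""
    def __init__(self):
        self.must_change = True      # default password still active
        self.failures = 0
        self.locked_until = 0.0
        self._store(DEFAULT_PASSWORD)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def _store(self, password):
        self.salt = os.urandom(16)   # fresh salt per password, never hard-coded
        self.digest = self._hash(password)

    def change_password(self, new_password):
        problems = policy_violations(new_password)
        if not problems:
            self._store(new_password)
            self.must_change = False
        return problems

    def login(self, password, now=None):
        now = time.time() if now is None else now
        if now < self.locked_until:
            return "locked"          # refuse without even checking the password
        if not hmac.compare_digest(self._hash(password), self.digest):
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.locked_until = now + BASE_LOCK_SECONDS * 2 ** (self.failures - MAX_FAILURES)
            return "denied"
        self.failures = 0
        return "change-required" if self.must_change else "ok"
```

When evaluating a real product, the same three behaviours can be observed from the outside: whether the default password still works after setup, whether weak passwords are accepted, and whether the sixth wrong attempt is answered any differently from the first.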
19. System with preventive measures
§ Does your system react to jamming? How?
§ Does your system react to network and Wi-Fi failure? How?
§ Does your system send you notifications when it changes state?
§ How does your system restart and react when there is an outage?
§ Is there a fail-safe mode?
§ How does the system/device react to tampering?
§ Does the system require the user’s approval to enter maintenance mode?
20. Firmware
§ Is there a simple and secure update process?
§ Are firmware upgrades of the devices signed and encrypted?
§ Can firmware upgrades be controlled by users?
§ How does the system react to unrequested firmware upgrades?
21. Conclusion
§ Unfortunately, it is difficult for users to secure their Smart Home themselves, as most systems do not provide a secure mode of operation
§ Nonetheless, there is advice to follow that reduces the risk of attacks