AI Can Help Protect Smart Home IoT Devices from Hackers

By AI Trends Staff

As researchers continue to find security flaws in smart home hub IoT devices, part of an immature security infrastructure. One researcher suggests AI can be helpful to address the vulnerabilities.

A cybersecurity team from ESET, an internet security company based in Slovakia, found bugs in three different hubs dangerous enough to trigger remote code execution, data leaks and Man-in-the-Middle attacks, according to a recent account from ZDNet.  The hubs were: the Fibaro Home Center Lite, eQ-3’s Homematic Central Control Unit (CCU2) and ElkoEP’s eLAN-RF-003.

The issues were reported to the vendors, and ESET did some follow up evaluation later. “Some of the issues appear to have been left unresolved, at least on older generations of devices,” ESET stated in its report. “Even if newer, more secure generations are available, though, the older ones are still in operation […] With little incentive for users of older-but-functional devices to upgrade them, they [users] need to be cautious, as they could still be exposed.”

The smart home hub vulnerabilities exist in devices that are poised for dramatic growth. According to IDC, the global market for smart home devices is expecting 26.9% growth in 2019, amounting to 832.7 million shipments. Growth of 17% is expected through 2023.

Revenue generated by the smart home market was estimated to be some $74 billion in 2019, with the US leading at $25 billion in sales projected for 2020, according to Statista. US penetration of smart homes is projected to grow from 18.5% in 2020 to 52% by 2023, the researchers estimate.

This growth means homes will be equipped with enough connected devices to rival the number of connections in a mid-sized company. Updates, passwords and settings will have to be managed, without the support of an IT security team or enterprise-level security tools, suggested a recent account from the IoT Security Foundation.

“This is where artificial intelligence and machine learning can come to the rescue,” the report states. “As is the case in many industries and niches, machine learning is complementing human effort and making up for the lack of human resources.”

AI Looks for Patterns in Device Communication to Flag Unusual Activity

AI is specifically adept at finding and establishing patterns, when it’s fed huge amounts of data, which is plentiful from IoT devices.

For example, a network traffic monitoring system can be applied to interactions between devices, to find attacks that might be past the outer perimeters. While the IoT is heavy with machine-to-machine (M2M) traffic, since device functionality and interaction is limited per device, the devices engaging in abnormal exchanges can be singled out. They may be compromised.

The common denominator of AI-based endpoint solutions that can outsmart malware is that they are very lightweight and use pattern-based approaches to deal with threats.

Researchers with consultancy Black Marble last year reported finding three vulnerabilities in two smart hubs made by Zagreb from Zipato of Croatia, according to an account in Bank Info Security. The researchers tried to see if they could unlock a door remotely without prior access, and take data off a single controller that could be leveraged to open other doors. They also searched for vulnerabilities that might allow for unlocking a door on the same network as the controller.

The researchers accomplished two of the three tasks and reported the third was very likely possible given enough time. The researchers reported the results to the vendor, which was reported to have addressed the software issues in a timely manner.

Zipato says it has 112,000 devices in 20,000 households across 89 countries; the company is not sure how many serve as smart home hubs.

Hackers Look for Data of Value Wherever They Can Find It

Hackers target smart home hubs for the potential to retrieve passwords and other data they can use for further exploits.

“All of these smart devices are really networked computers in addition to what they traditionally are: refrigerators, light bulbs, televisions, cat litter boxes, dog feeders, cameras, garage door openers, door locks,” stated Professor Ralph Russo, Director of Information Technology Programs at Tulane University, in an account from Safety. ”Many of these continually collect data from embedded sensors. Malicious actors could gain access to your home network through your device if they can exploit an IoT device vulnerability.”

Devices seen most at risk are outdoor devices with embedded computers that support little or no security protocols, such as garage door openers, wireless doorbells and smart sprinklers. Next most vulnerable are devices inside the home that can be controlled through an app from a smartphone or PC, such as smart bulbs and switches, security monitors, smart door locks and smart thermostats.

“These devices rely on weak security tokens and may be hacked due to weaknesses in the communication protocols used, configuration settings or vulnerable entry-points left open by the vendor for maintenance,” stated Dr. Zahid Anwar, an associate professor at Fontbonne University, St Louis.

Some hackers intend to take over smart home devices as part of a plan to build a network of bots, which could be used for example to orchestrate a large-scale capture of personal data, suggested Maciej Markiewicz, Security CoP Coordinator & Sr. Android Developer at Netguru, a digital consultancy and software company. “These devices can be easily used to conduct more complex attacks. Very often, the management of such botnet networks consisting of smart home devices are sold on the darknet to be used in crimes,” he stated.

Suggestions to protect smart home hubs include: assessing whether the risk of connection is worth the benefit, secure the Wi-Fi network router, use a password manager, register devices with the manufacturers in order to get the software updates, consider a professional installation and unplug the devices not in use.

Read the source articles in  ZDNet, at the IoT Security Foundation, in Bank Info Security and in Safety.