Imagine walking into a home where everything is interconnected, and devices perform the tasks you want them to without any input from you. This is the dream that has driven the smart home industry in the past few years – and according to many analysts, it is what the future will look like.
Apple has joined the race of building this future with the release of the HomeKit and its flagship HomePod smart speakers. But while users are excited about getting a taste of the Internet of Things at home, integrating smart devices also opens them up to dangers. How could hackers manipulate smart devices for malicious purposes – and is Apple’s approach more secure?
How smart homes are vulnerable to hacker attacks
Smart devices are a popular attack gateway for hackers, precisely because the industry is so young and users are so excited about IoT. This means that the professionals driving the development of smart home applications have not had enough time or experience to identify security risks and take measures to mitigate them.
It also means that individuals who buy and install smart home devices do not necessarily realize the tech involved or the threats that they may face. But while everyone seems to still be testing the waters, hackers have already managed to find ways to take advantage of this apparent lack of awareness and attack smart devices.
According to a report published online on bleepingcomputer.com on February 25, 2019, over 40% of smart homes were found to host one or more devices that were vulnerable to hackers performing remote attacks. More than 30% of those were in danger because users did not properly update their software in order to implement newly released security patches, while over 60% were compromised because the user credentials were too weak.
The same study revealed that more than 40% of all smart homes feature five or more devices that are connected to the Internet, with routers being the most common target of hacker attacks. Almost 60% of routers demonstrate some type of flaw, while 43.8% of printers in the US were found to be vulnerable to attacks.
Hackers looking to exploit smart devices frequently use them to carry out DDoS attacks, which is short for Distributed Denial of Service. A DDoS attack refers to a malicious attempt to render an online service temporarily unavailable by flooding the target with overwhelming traffic. In order to launch a DDoS attack, hackers need an army of compromised devices, which are often distributed all over the world in the form of a botnet.
According to the research reported by bleepingcomputer.com, DDoS attacks are the most important threat facing businesses, with roughly 50% of companies having suffered an attack in 2018.
What is Apple doing differently?
The infamous 2016 Mirai botnet incident, which saw smart devices turned into a zombie botnet army that was used to launch further attacks, was a wake-up call for the industry. Mirai infected IoT devices and used them to successfully target Dyn, a major DNS hosting provider, among other victims.
The attack on Dyn, a company that has been described as the backbone of the Internet, saw famous clients like Spotify, Twitter and Reddit suffering the consequences by being taken offline for several hours.
Mirai used easy-to-guess admin credentials to carry out the attacks, but despite the widespread publicity that it got, it was not the last instance of cybercriminals hijacking smart devices.
Roughly two years later, in 2018, a new botnet called Chalubo emerged, incorporating elements from the Mirai malware, which again manipulated smart devices to implement DDoS attacks.
Other high-profile incidents of hackers attacking devices connected to the internet include PewDiePie fans hacking printers, forcing them to print out messages in support of their idol – and also urging people to upgrade the cybersecurity of their printers. While this paints a bleak picture, Apple seems set on forging its own path when it comes to cybersecurity of its smart home suite.
— Dr.Moxmo (@Dr_Moxmo) November 29, 2018
It is true that Apple is currently lagging behind when it comes to mainstream adoption of its smart home products, and it is virtually overshadowed by its biggest competitors, Amazon and Google. Amazon is currently leading the smart speaker industry, with its products accounting for 63% of the market – relying heavily on its signature heavyweights, the Echo and the Echo Dot. Google comes in second at 17% with its Home and Home Mini devices.
Apple is even further down, with HomePod claiming a mere 4%. While some analysts view this as a sign of indifference or even weakness on Apple’s part, there is a different side to the story. Apple’s HomeKit is much more security-oriented than any other range of products on the market – which also makes for slower progress.
The tech giant insists that any device which is marketed as being compatible with the HomeKit suite adheres to strict cybersecurity and privacy standards. Among other requirements, it requests developers to implement end-to-end encryption and secure chips.
Since the company’s focus on user privacy is well-known, so the fact that Apple would make smart home security a priority even at the expense of generating sales, should come as no surprise to any Apple client. As we move towards greater smart home adoption, it remains to be seen whether Apple’s approach will prevail in the industry.