Skip to content
  • Categories
    • Business
    • Tech
    • News
    • CEDIA
    • Videos
  • Issue Library
  • Podcasts
  • Newsletter
  • Subscribe
  • Directory
  • Events
  • Media Kit
  • Submit
  • Categories
    • Business
    • Tech
    • News
    • CEDIA
    • Videos
  • Issue Library
  • Podcasts
  • Newsletter
  • Subscribe
  • Directory
  • Events
  • Media Kit
  • Submit
cybersecurity
Home / News / Integrators / Goodbye Smart Hubs, Hello Hackers (And Integrator Liability)

Goodbye Smart Hubs, Hello Hackers (And Integrator Liability)

  • March 27, 2019
  • 7:00 am
  • Picture of Jay Basen Jay Basen

There have been a number of articles in the press about the lingering death of the smart home hub*. As Amazon Alexa and Google Home have become dominant forces in the smart home, their integration with smart plugs, switches, and other devices that utilize Wi-Fi for communications has lead to a large number of these devices being sold. Z-Wave and Zigbee devices, that require a hub for communications, appear to be falling out of favor with consumers.

Wi-Fi version 6 will eliminate many of the advantages that Z-Wave and Zigbee have as wireless communications mechanism for the smart home. However, there is one significant disadvantage that will not be eliminated; the ability of hackers to exploit vulnerabilities in Wi-Fi devices.  

There is a constant battle between manufacturers trying to maintain the security of their devices and hackers trying to locate vulnerabilities they can exploit. There are too many cases of vulnerabilities being found in IoT devices.

For example, in a recent case a security researcher found that a Ring doorbell could be hacked to show faked images. Could a hacker implant a fake image and use this to gain access to a home? Not enough information has been released to really know.

Fortunately, most of these vulnerabilities get fixed before hackers have the opportunity to take advantage of them; but that isn’t always the case. With smart outlets being sold for less than $10 and smart cameras for under $20 a buyer is left wondering how much effort and expense has been made to make these devices secure and will firmware updates be made available down the road to address vulnerabilities that are found.

The Advantage of Smart Hubs in Cyberattacks

Z-Wave and Zigbee devices have a distinct advantage that they aren’t exposed to the homeowner’s network. Instead, they are hidden behind the smart hub. Because of this they are much more difficult (I would never say impossible) to hack. This is why I think it is a mistake that Amazon and Google have taken the direction of focusing on integrating with Wi-Fi smart devices. It simply reduces the security of the smart home.

Even if every light switch, outlet, and thermostat in a smart home communicated with Zigbee or Z-Wave to a smart hub there would be plenty of other smart devices that are connected to a home’s Wi-Fi network. These include smart cameras, streaming media players, TVs, smart appliances, and the list goes on. Each of these is a potential target for a hacker.

With this as a background, the question becomes, “what is the responsibility of the integrator that has recommended and installed these devices if one gets hacked and the homeowner is in some way damaged”? Imagine a “nanny cam” in a child’s room being hacked and the video turns up on a child porn site. The parents would, with reason, be enraged. The manufacturer, very possibly in China, would be a target for that rage. However, trying to sue a Chinese manufacturer after clicking on a waiver written by a team of lawyers that is countless pages long would be problematic. With that manufacturer out of reach their blame could fall to the integrator that installed their security camera system.  

If you think that only cheap devices have vulnerabilities; you would be wrong. I recently started testing IoT devices using BitDefender’s home scanner. This free tool will scan a network and look for vulnerabilities in all the devices it finds. As an example, the following vulnerabilities were found in a surround sound receiver (running the manufacturer’s latest firmware) from a well respected manufacturer:

  • Privilege escalation vulnerability detected on http
  • Memory corruption vulnerability detected on http
  • Arbitrary code execution vulnerability detected on http
  • And more

Why Integrators May Be Liable for IoT Hacks

I consulted with an attorney about the potential liability of a technology integrator that sells and installs a device with vulnerabilities in a customer’s home. He agreed that if, at the time of the sale, the tools for an integrator to know about the vulnerabilities were readily available and using a tool would have shown the existence of the vulnerability, then the integrator, as an expert in technology, should have done the proper due diligence, investigated the product they were offering for sale, made the customer aware of the vulnerability and risk. If the integrator didn’t do this then they could be found negligent and held liable for damages.

Most owners of a smart home will accept the risk of adding more and more Wi-Fi smart devices into their homes because they just don’t believe they are a lucrative enough a target for a hacker to spend time on. But, the time will come when automated hacking tools will make everyone a target.

Keeping light switches, thermostats, outlets, and similar devices on a Z-Wave or Zigbee network instead of on Wi-Fi will still leave plenty of devices for a hacker to attack. But, from a numbers game, the lower the number of devices directly attached to the home’s network, the fewer targets there are, and the fewer the better. It is a shame that companies like Amazon and Google aren’t looking out more for the homeowner with their technology decisions.

 

For more from Jay Basen, visit his blog, Topics in Home Automation.

 

*Google and Amazon Are Killing the Smarthome Hub, and That’s Great
Here’s why smart home hubs seem to be dying a slow, painful death

TAGS
cybersecurityNewsmart hub
Facebook
Twitter
LinkedIn
Pinterest
PrevPrevious articleLeon Speakers Continues Sonos Partnership with New Custom Speakers
Next articleAustin Parade of Homes Showcases Pro-Level Home ControlNext
Picture of Jay Basen

Jay Basen

Jay Basen has been a home automation hobbyist for over 30 years and has worked professionally in the industry for almost 20 years. His professional background is electrical engineering and software development. He has a master's degree in engineering and has been writing software professionally for over 40 years. To read more of Jay's articles, visit his blog http://topicsinhomeautomation.wordpress.com/
RELATED POSTS
Motorized Solutions Perfect Fit

DEL Motorized Solutions Introduces Perfect Fit Mud-In Recessed Pockets for Lutron Shades

BusinessIntegrators
The Sevens Limited Edition Jurassic World Rebirth - Lifestyle - 1080x1920

Klipsch Showcases Limited Edition Jurassic World Themed Speakers

BusinessIntegrators
French Fries

Reviewing the Fritaire Self-Cleaning Air Fryer

BusinessIntegrators
DSC_0192

Designing Deliberately: A Closer Look at ProSource’s Colorado Training Center

BusinessIntegrators
  • Business, Integrators
SEARCH OUR SITE
NOW AVAILABLE
GET THE LATEST NEWS IN YOUR INBOX
* indicates required

TOP POSTS THIS WEEK
Facebook X-twitter Linkedin Instagram Youtube
  • Subscribe
  • Directory
  • Contact Us
  • Partner With Us
  • Join our team
  • Media Kit
  • Terms of Use
  • Privacy Policy
  • Subscribe
  • Directory
  • Contact Us
  • Partner With Us
  • Join our team
  • Media Kit
  • Terms of Use
  • Privacy Policy
Innovative Properties Worldwide, Inc.

1750 Wewatta Street, #1821, Denver CO,  80202 | 720.476.4920

© Residential Tech Today 2022. All rights reserved.

Produced by IPW