Home Automation Pros – Do You Know Where Your Data Is?
Home Automation Software is not Immune from Security and Privacy Issues
Facebook CEO Mark Zuckerberg’s recent testimony in Congress shone a bright light on data privacy issues. In reality, the issues have been there for a long time, and while Facebook is a major player with an enormous amount of personal data, unfortunately, there’s more to worry about.
In this age of the Internet of Things (IoT), there are billions of devices connected to the Internet. Whether we realize it or not, most of them are collecting personal information and activity that ends up in the cloud. The trend to mobile apps as an interface of choice for home automation control brings our industry into this world.
Should we be worried? From a security standpoint, yes – but there are steps to take to mitigate risk. From a privacy standpoint, awareness of where your data is going and how it’s being used is an important consideration.
Let’s consider some security and privacy issues that may or may not be top of mind for you in the crush of the daily business – but that deserve your attention.
SEE ALSO: Why People Shifted Away from Crestron (And Why They’re Coming Back Now)
Protect Your Systems
We typically deal with high net worth clients. These clients prize their privacy and security. We install sophisticated camera systems and sometimes smart lock or access control systems. They want to make sure their systems are not going to be hacked into, exposing their property to intrusion or maybe demanding ransom for getting control back.
When setting up routers and networking systems, you don’t leave the default username as “Admin “and the password as “password,” right? You should consider the same security measures in controlling remote administrative access to a home automation system. Did you know there’s a scanner for IoT devices out there that can find remote access ports for home automation? It might be tempting to leave a back door open port on a router for easy remote access, but you need to ensure you have strong login credentials for the system.
Today’s home automation systems log every action in minute detail. While that’s extremely helpful to professionals for debugging problems, that information could be very valuable to a hacker. Any remote access to that data should encrypt that communication (typically with SSL), much the same way as today’s browsers warn users when they connect to an unsecured site.
How Private is Home Automation Data?
This video we shared from our Facebook page a few weeks ago illustrates a few ways that data privacy and security could impact smart homes.
It's not just new home devices that might collect data, either. The trend to smartphone and tablet control apps brings with it the use of cloud storage. Those apps have terms and conditions which often change, most of it revolving around disclosures about what data the app may collect. Most people just click through and accept them without reading – and they have to accept them because otherwise, they can’t use the app.
Big data and artificial intelligence techniques have come to our business. The move to apps that connect with cloud-based systems means that control apps can track everything an owner does, including their location at almost all times. That data, like most other apps that collect it, is ostensibly used to analyze how the systems are used and improve the next product generation or develop new features. However, like the recent Facebook scandal showed us, what if that data is made available to third-party developers? Is the privacy of that data completely secure? Is it completely anonymized such that it’s not traceable to the source? The answers are not completely clear.
Why should you care? If a client’s system is compromised, there could be a potentially serious liability issue for the integrator. For example – a hacker penetrates the home automation system, knows when the owner is away, turns off the security monitoring and cameras, and valuable artwork is stolen. If an investigation discovered that good security practices weren’t followed, a lawsuit could ensue. Even if your liability were limited, your reputation would still take a serious hit.
Andy Grove, the CEO of Intel that led the company through its biggest growth phases, wrote a famous management book called “Only the Paranoid Survive”. While we may not need to be overly paranoid – yet – let’s say that heightened awareness in our industry about data security and privacy is a good idea.
Want to see how ADAPT simplifies Crestron programming? Reach out; we’d love to show you.