As part of National Home Security Month, Michelle Kradolfer, the Internet of Things Technical Officer at Police CPI looks at smart security products. Michelle graduated from Middlesex University in December 2019, with a Master of Cyber Crime and Digital Investigation (with Distinction).
When you think of traditional home security, the first products that probably come to mind are burglar alarms, security lighting, CCTV and deadbolts.
But security products have evolved to now include smart security cameras, video doorbells, locks, plugs and bulbs to name but a few.
There is no doubt that the rise of the Internet of Things (‘IoT’) and smart devices has revolutionised the way we live our lives, at home and at work, with many smart devices allowing you to control them remotely.
However, with the increase in IoT products available and a growing ecosystem of interconnected devices, cyber criminals are targeting and exploiting vulnerabilities of the products and within apps as most are mass-produced without security being in the forefront.
All smart security products are meant to give you more control over, and information about, the safety of your home.
Smart security simply means that you can control the security product from any internet connected device.
All are operated via associated apps, meaning you can protect your home from anywhere in the world, as long as you have an internet connection.
But from a security view point, these items are far from smart and introduce as many security issues as they appear to resolve. Many smart devices may be insecure when they are first switched on, so you’ll need to take some quick steps to protect yourself.
• If the device comes with a password that looks easily guessable (for example admin or 00000), change it
• Easily guessable passwords can be cracked by cyber criminals, so make sure you choose a secure one.
Advice on what makes a secure password can be found on the National Cyber Security Centre’s website https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0
Some smart locks even let you create ‘virtual keys’ so friends and family can enter the home when you’re not there and many cameras can be trained to recognise familiar faces and alert you to strangers.
However, accessing your device like this can make it easier for other people online to access them without your permission, so make sure you have changed default passwords and enabled Two Step
Verification (2SV) if available. 2SV provides a way of ‘double checking’ that you really are the person you are claiming to be, and makes it much harder for criminals to access your online accounts, even if they know your password.
You must also make sure your Wi-Fi router has a unique password as this is an easy access point for the cyber criminal to get on to your “home network.
When shopping for smart home security products, you should pay attention to product compatibility (can devices talk to each other?), ease of use, mobile app functionality and battery back-up features.
If you are not sure how many devices you need, look out for ‘starter kits’ that are sometimes better value than buying individual devices.
As with your computers and smartphones, installing software updates promptly helps keep your devices secure. For each of your smart devices, you should:
• switch on the option to install automatic updates (if available)
• install any manual updates when prompted
• make sure your device’s operating system is up to date
Many apps and smart devices use what is known as “shadow IT”. This is where a device piggy-backs or shadows the capabilities of another enabled app. It is therefore important that you check the functionality that you permit.
For example, do not accept “location tracking” where it is not necessary for your specific purpose; do not share your “contacts” to apps that aren’t specifically for your communications.
It is also important to remember that if you link your smart devices to Alexa or other ‘virtual assistants’, any voice can activate them, even from outside if they shout loud enough.
Secured by Design (SBD) operates an accreditation scheme on behalf of the UK Police Service for products or services that have met recognised security standards.
These products or services – which must be capable of deterring or preventing crime – are known as being of a ‘Police Preferred Specification’.
There are many hundreds of companies who produce thousands of individual attack resistant crime prevention products, in more than 30 different categories, which have met the exacting standards of the Police Preferred Specification.
This includes doors, windows, external storage, bicycle and motorcycle security, locks and hardware, asset marking, alarms, CCTV, safes, perimeter security products and many others.
This year SBD has launched a Secure Connected Device accreditation for companies providing Internet of Things (IoT) connected products.
As mentioned earlier, the increase in IoT products available and a growing ecosystem of interconnected devices, has led to cyber criminals targeting and exploiting vulnerabilities of both products and apps.
Without the appropriate levels of security, any internet connected device or app is at risk of providing cyber criminals with the ‘key’ in accessing and stealing personal data.
Working closely with certifying bodies, who assess IoT products and services against the ETSI EN 303 645, SBD’s IoT Device assessment framework identifies the level of risk associated with an IoT device and its ecosystem, providing recommendations on the appropriate certification routes.
Once third party testing and independent certification for a product has been achieved, the company can apply to become SBD members, with the product receiving the SBD Secure Connected Device accreditation, a unique and recognisable accreditation that will highlight products as having achieving the relevant IoT standards and certifications.
SBD’s is the only way for companies to obtain police recognition for security-related products in the UK.
To find out more on this topic, for tips to protect yourselves from IoT cyber threats and for further cyber security advice, visit www.securedbydesign.com/Internet-of-Things