Change Location Europe - Flag EUR
 
Mouser Europe - Flag Mouser Europe

Incoterms: DDP is available to customers in EU Member States.
All prices include duty and customs fees on select shipping methods.

Incoterms: DDU applies to most non-EU customers.
Duty, customs fees and taxes are collected at time of delivery.


Please confirm your currency selection:

Euros
Euros are accepted for payment only in EU member states these countries.

US Dollars
USD is accepted in all countries.

Other currency options may also be available - see
Mouser Worldwide.

Bench Talk for Design Engineers

Bench Talk

rss

Bench Talk for Design Engineers | The Official Blog of Mouser Electronics


Home Automation Adventures Part III: Common Sense Things To Reduce The Home Automation Attack Surface Arden Henderson
  • In the last two blogs about Alice and Bob and their home automation system, we describe the general dangers of the internet and then dangers specific to home automation systems.

    In this blog, we'll cover simple common sense best practice things that Bob and Alice can do to improve defenses and reduce risk.
    By the way, these are common sense best practices for all aspects of personal computing, cell phones, web, and internet.

    Here is the short list of easy, common sense actions that anyone can do, all equal in priority and importance. Note that "device" might mean webcam, laptop, smart phone, smart car, alarm system, thermostat, and so on -- basically anything to be connected to the home network or the internet.


    Common Sense Best Practices for Home Automation Security

    • Only purchase devices manufactured by companies that have a clear, obvious, transparent, well-documented focus on security. You might be surprised how many companies are vague about security. Or, worse, "dumb down" the security specs, often creating misinformation, because the company believes the consumer isn't interested or capable of handling the information. Many devices today have manuals downloadable as PDF files -- good for perusing before purchasing. Read technical reviews before buying, particularly seeing what the reviewer says about the device and security.

    • In the same way, only use apps that are vetted by the manufacturer's app store process. This is a best practice for smart phones and any other computing device. While not perfect, any manufacturer's app qualification process reduces apps of dubious origins and hidden purposes.

    • Always read the "privacy policy" fine print. It's important to note here that no real "contract" or "guarantee" exists between the app developer and app user regarding privacy policies and the actual practice. It's an honor system at best, and mere web page text is not a contract in the conventional, binding, legal sense. Often, it is hand-waving promises of good intentions (without considering all the variables). However, the mere existence of some stated privacy policy is a good start. It's also informative as to the company's security/privacy philosophy. (Look for the text that says the company will gather information from the contact list and -- surprise -- share it with unnamed third parties. By "using" the software, as almost every policy will state, the user magically grants the app company this right to plumb their contact list, usage history, and pretty much anything else accessible. The unnamed third-parties, by definition, will have unknown or non-existing privacy policies. What can do the user do about this? Nothing other than not use the product. So, it comes down to a "reasonable risk" decision by the user.

    • Always change the factory password for any connected device.

    • Follow best practices for password creation. There are many websites that cover this in detail. Read two or three articles to get a wide range of views.

    • Where it's optional, always select the strongest security settings.
    For example, never use WEP or WPA for wireless; only WPA2. Turn on stronger cipher suites in the browser if they are not on by default.

    • Always ensure devices are running the latest software updates, where applicable. This can mean everything from installing the latest firmware in a router or upgrading a webcam application. In same way, always ensure the latest operating systems for all computers of any size, including smart phones.

    • Make sure the main firewall is on, between the internet and the home network. This firewall is usually part of a router. Most appliance router firewalls have few options and limited logging but it's a good idea to get familiarized with firewalls in general and the specific firewall in use. It's also a good idea to begin thinking, researching, and learning how the appliance gear can be replaced with something more sophisticated providing greater control.

    • Put tape over laptop and desktop computer cameras not in use.

    • Cover up the pet cam when not in use or just shut it down if it also has audio capabilities.

    • Shut down the baby monitor when not in use.


    If Bob and Alice follow such common sense best practices, which lend themselves to thinking in a security way and invoke more best practices, they are on a good start to reducing their home automation attack surface, and indeed the attack surface of all their internet-connected devices.

    Later on, as they get used to always thinking of security first, and become comfortable with a progressive process of security improvement, Alice and Bob will start to think outside the internet appliance bubble and realize they need a more sophisticated firewall for their home with improved logging, the better to see what is probing, poking, drilling, and scratching outside their digital wall. This is when they exploring their options of a fortress gateway to the internets and webtubulars.

    That, of course, is yet another story in Bob and Alice's technical adventures.


    Useful links
  • [1] https://www.mouser.com/blog/home-automation-adventures-part-i
    [2] https://www.mouser.com/blog/home-automation-adventures-part-ii

    [3] https://www.mouser.com/empowering-innovation/factory-home-automation?cm_sp=homepage-_-homeintro-_-empoweringinnovation-automationspotlight
    [4] https://www.mouser.com/applications/smart-lights-dark-side-home-automation/




« Back


Arden Henderson spent at least part of his life toolsmithing in dark, steam-powered workshops of software tool forges long gone, drenched in blood, sweat, and code under the glare of cathode ray tubes, striving for the perfect line of self-modifying software and the holy grail of all things codecraft: The perfectly rendered pixel. These days, when not working on his 1964 Flux Blend time machine (which he inadvertently wrecked before it was built after a particularly deep recursive loop), Mr. Henderson works in part-time castle elf and groundskeeper jobs, chatting with singularities spawned from code gone mad in vast labyrinths of vacuum tubes, patch cords, and electro-mechanical relays. Mr. Henderson earned a B.S.C.S. late in life at Texas A&M. Over the hundreds of years gone by before then and after, he has worked in various realms ranging from petrochemical wonderlands spread across the flat Gulf Coast saltgrass plains, as far as the eye can see, to silicon bastions deep in the heart of Central Texas.

All Authors

Show More Show More
View Blogs by Date