The Risk of Credential Stuffing to the Smart Home
As technology advances and the costs of connecting electronic components to the internet decreases, the lower the cost of having an internet connected smart home is. Sensors placed throughout a house and integrated into home appliances can provide homeowners the advantages of monitoring and managing functions of the home remotely.
According to Rehman & Manickam (2016), there are three components of a smart home: indoor, outdoor and gateway. The indoor environment consists of physical internet connected devices such as smart locks, video doorbells, intelligent appliances, Wi-Fi thermostats, etc. The outdoor environment provides internet access to the smart service provider for remote access and management of the devices, while gateway devices act as a bridge between the indoor and outdoor environments. The gateway devices provide security by monitoring the network flow in the smart home and managing remote access to the smart home. Given their roles described above, these three types of components need to be taken into consideration when evaluating the inherent risks of a smart home.
Identifying Today’s Risks Facing Smart Homes
In today’s world, there are six major security threats to a smart home: eavesdropping, replay attack, message notification, denial of service, malicious codes and masquerading (Rehman & Manickam, 2016). Let’s briefly look at how each of these attacks works:
- An example of eavesdropping is when an attacker monitors internet traffic from indoor and outdoor environments without authorization from users. Data that passes through the network while the attacker is eavesdropping can be captured. This is considered an attack on the confidentiality of the smart home environment.
- Replay attacks can be leveraged by an attacker in instances where they can capture an action being performed on a smart home device and then replay that action over again to get the same result. There are many ways a replay (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/security-awareness/risk-credential-stuffing-smart-home/