Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Security Things to Consider When Your Apartment Goes 'Smart'

From: InfoSec News <alerts () infosecnews org>
Date: Tue, 29 Jan 2019 09:43:10 +0000 (UTC)
https://tisiphone.net/2019/01/28/security-things-to-consider-when-your-apartment-goes-smart/

By Lesley Carhart
https://twitter.com/hacks4pancakes
January 28, 2019
A couple weeks ago, I vented my frustration as an ICS security professional at my apartment building forcibly converting to networked smart locks. My tweets were widely misinterpreted, so I'd like to talk a little bit about privacy and security aspects to consider if (when) the property you rent from decides to go "Smart". To be abundantly clear, I'm not opposed to Smart Home systems -- most of us want to live in Star Trek and these devices are a way to a more convenient future. However, there are right ways and wrong ways to implement them, and many substantive privacy and security questions to ask as we move forward into that future. 

What’s Your Threat Model?
Before we go any further -- when we're talking about things that impact personal safety, it's crucial to think about the specific, realistic threats that we (or our families) face. In this blog, I'm going to talk about ways that consumer IoT and Smart Home systems can be abused to cause risk to safety and privacy. If your number one concern for your safety is a casual criminal breaking your lock and stealing your TV, and the loss of your activity data isn't something that substantially impacts or bothers you, you might decide that a flawed Smart Home system is an acceptable risk (or even a net benefit).
The EFF has a lovely guide on personal threat modeling here. I also enjoyed Sean Gallagher's article in ArsTechnica. Always that risk to your person or sensitive data is a combination of threat and vulnerability.
My threat model is not your threat model. I investigate nation state and criminal hacking for a living, and I’m a social media personality. Understand your own, and how security and privacy changes will impact it. 

[...]


--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: