Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting our team. We will be in touch shortly.Close

  1. Blog
  2. Article

Nathan Hart
on 5 January 2023


Cybersecurity: What should device makers prioritise?

When people think of home security they usually think of an alarm system with a keypad next to the door. These days, however, home security should have two meanings. I’m here to talk about the second: cybersecurity. In other words, security in the smart home.

A recent investigation found that a shocking number of leading smart home devices contained outdated SSL libraries. An outdated SSL could leave the door open for malicious actors to listen in on network traffic. In the smart home context, that traffic could include extremely personal information such as when you’re at home or away. This kind of security threat is far from being the only one; consumer device security breaches are consistently in the news. Clearly, this is a significant issue.

Cybersecurity in the consumer space

Cybersecurity has long been a weak point for the smart home industry. Typically, smart home devices are made on a tight budget and a fast development cycle. This doesn’t leave a lot of room for “extras” like security. What’s more, these devices aren’t being used in safety-critical or high-value environments. The consequences of a smart toaster being compromised don’t begin to compare to the consequences of a factory robot being compromised. These facts have led to a certain complacency in the industry.

While the industry may have gotten away with some complacency until today, the consequences of poor cybersecurity in the smart home are much higher today than they were ten years ago.

Big data = personal data

The amount of data generated by the typical smart home today is orders of magnitude larger than it was five or ten years ago. Most smart homes these days have multiple microphones and cameras on the inside of the home, something that would have been unthinkable in the 2000s. Additionally, many devices contain a variety of cloud services and applications, each with their own associated data sets. 

This data enables some of the most advanced functionality we’ve seen in the smart home to date. Take ambient computing as an example of the possibilities offered by a large set of data from interoperable devices. Unfortunately, this data is also the reason that smart home cybersecurity matters now more than ever. A compromised smart home opens up a world of possibilities for bad actors – it could lead to identity theft, devices becoming part of botnets, or leaking of private information such as videos from inside the home.

How companies should respond

The problem may be widespread, but the good news is that companies operating in this space can very easily avoid making their devices a soft target for attackers. Companies should apply regular updates to their application and OS and should ensure that devices are properly isolated.

Robust and regular over-the-air updates

The first step towards having secure devices is having a robust update policy. Many devices in today’s smart homes do not receive updates without manual intervention by the end user. Realistically, that means they do not receive updates at all. This leaves the door open to an unknowable number of future threats.

Both application and OS updates are important here. Application vulnerabilities will be specific to each device, and it is up to the device maker to find and solve potential vulnerabilities to this software. Patches to OS vulnerabilities, on the other hand, will need to come from the maintainer of the operating system. In the case of Ubuntu and Ubuntu Core, Canonical can provide security maintenance and a number of other services.

Isolated systems

A second measure companies can take to protect their devices, especially in newer-generation devices that potentially run many applications and services, is to ensure that each of these applications is fully isolated so that vulnerabilities cannot spread. Ubuntu Core, for example, enforces this isolation system-wide, removing any such security threat.

With enough time and resources, attackers can likely access any system. Most likely, they will try to exploit the low-hanging fruit. The key for businesses in this space is to make the cost of attacking their devices higher than the benefit to attackers. 

To discuss how to increase your smart home device’s security posture, get in touch with us

Further reading

Canonical is a member of the Connectivity Standards Alliance. Ubuntu Core complements the Matter standard, providing polished solutions for over-the-air updates and security maintenance. Read more.

Related posts


Canonical
20 March 2024

Canonical’s Ubuntu Core receives Microsoft Azure IoT Edge Tier 1 supported platform status

Canonical announcements Canonical News

London, 20 March 2024. Canonical has announced that Ubuntu Core, its operating system optimised for the Internet of Things (IoT) and edge, has received Microsoft Azure IoT Edge Tier 1 supported platform status from Microsoft.  This collaboration brings computation, storage, and artificial intelligence (AI) capabilities in the cloud closer ...


lizzieepton
5 March 2024

Create an Ubuntu Core image with Landscape Client included

Internet of Things Article

Canonical recently released the Landscape Client snap which, along with the new snap management features in the Landscape web portal, allows for device management of Ubuntu Core devices. In this blog we will look at how this can be deployed at scale by building a custom Ubuntu Core image that includes the Landscape Client snap ...


lizzieepton
13 February 2024

Simplify IoT device management: How to add Ubuntu Core devices to Landscape

Internet of Things Article

Landscape has been a member of the Canonical product list for almost as long as Canonical has existed. Landscape allows administrators to manage their desktop and server instances from a single centralised portal. With the latest release of Landscape Server (23.10), we’ve introduced the ability to manage snap packages from Landscape – and ...