Your submission was sent successfully! Close

  1. Blog
  2. Article

Nathan Hart
on 5 January 2023

Cybersecurity: What should device makers prioritise?

When people think of home security they usually think of an alarm system with a keypad next to the door. These days, however, home security should have two meanings. I’m here to talk about the second: cybersecurity. In other words, security in the smart home.

A recent investigation found that a shocking number of leading smart home devices contained outdated SSL libraries. An outdated SSL could leave the door open for malicious actors to listen in on network traffic. In the smart home context, that traffic could include extremely personal information such as when you’re at home or away. This kind of security threat is far from being the only one; consumer device security breaches are consistently in the news. Clearly, this is a significant issue.

Cybersecurity in the consumer space

Cybersecurity has long been a weak point for the smart home industry. Typically, smart home devices are made on a tight budget and a fast development cycle. This doesn’t leave a lot of room for “extras” like security. What’s more, these devices aren’t being used in safety-critical or high-value environments. The consequences of a smart toaster being compromised don’t begin to compare to the consequences of a factory robot being compromised. These facts have led to a certain complacency in the industry.

While the industry may have gotten away with some complacency until today, the consequences of poor cybersecurity in the smart home are much higher today than they were ten years ago.

Big data = personal data

The amount of data generated by the typical smart home today is orders of magnitude larger than it was five or ten years ago. Most smart homes these days have multiple microphones and cameras on the inside of the home, something that would have been unthinkable in the 2000s. Additionally, many devices contain a variety of cloud services and applications, each with their own associated data sets. 

This data enables some of the most advanced functionality we’ve seen in the smart home to date. Take ambient computing as an example of the possibilities offered by a large set of data from interoperable devices. Unfortunately, this data is also the reason that smart home cybersecurity matters now more than ever. A compromised smart home opens up a world of possibilities for bad actors – it could lead to identity theft, devices becoming part of botnets, or leaking of private information such as videos from inside the home.

How companies should respond

The problem may be widespread, but the good news is that companies operating in this space can very easily avoid making their devices a soft target for attackers. Companies should apply regular updates to their application and OS and should ensure that devices are properly isolated.

Robust and regular over-the-air updates

The first step towards having secure devices is having a robust update policy. Many devices in today’s smart homes do not receive updates without manual intervention by the end user. Realistically, that means they do not receive updates at all. This leaves the door open to an unknowable number of future threats.

Both application and OS updates are important here. Application vulnerabilities will be specific to each device, and it is up to the device maker to find and solve potential vulnerabilities to this software. Patches to OS vulnerabilities, on the other hand, will need to come from the maintainer of the operating system. In the case of Ubuntu and Ubuntu Core, Canonical can provide security maintenance and a number of other services.

Isolated systems

A second measure companies can take to protect their devices, especially in newer-generation devices that potentially run many applications and services, is to ensure that each of these applications is fully isolated so that vulnerabilities cannot spread. Ubuntu Core, for example, enforces this isolation system-wide, removing any such security threat.

With enough time and resources, attackers can likely access any system. Most likely, they will try to exploit the low-hanging fruit. The key for businesses in this space is to make the cost of attacking their devices higher than the benefit to attackers. 

To discuss how to increase your smart home device’s security posture, get in touch with us

Further reading

Canonical is a member of the Connectivity Standards Alliance. Ubuntu Core complements the Matter standard, providing polished solutions for over-the-air updates and security maintenance. Read more.

Related posts

6 July 2023

불변의 리눅스 데스크톱 기반으로서의 우분투 코어(Ubuntu Core)

Desktop Article

캐노니컬(Canonical)은 IoT를 위한 완전한 컨테이너 플랫폼을 만들기 위해 2014년에 우분투 코어 개발을 시작했습니다. 우분투 코어에서는 도커(Docker) 및 LXC가 구축된 것과 동일한 커널 컨테이너 기술을 사용하여 잘 정의된 업그레이드 및 롤백을 통해 시스템의 모든 구성 요소를 안전한 샌드박스에 넣습니다. 저희는 자율적으로 연결된 사물 인터넷 장치가 사람의 개입 없이 적용할 수 있는 업데이트를 수신하여 에지에서 보안 및 ...

Oliver Smith
31 May 2023

Ubuntu Core as an immutable Linux Desktop base

Desktop Article

Join us as we discuss the architecture of immutable operating systems and the role of Ubuntu Core in the future of the immutable Linux desktop. ...

29 November 2023

Meet Canonical at CES 2024

Ubuntu Article

It’s that exciting time of year, CES is almost here. With 2880+ exhibitors, the Consumer Electronics Show (CES) has cemented its position as the premier event for unveiling the latest technological advancements. With each passing year, CES becomes an even more integral platform for showcasing groundbreaking innovations. Join us at booth 9 ...