Networking & Cables

Cybersecurity Business Models: Smart Home Pros Need to ‘Go There’

Home-technology specialists at HTSA conference agree cybersecurity is a threat to the smart-home industry, and an opportunity for their integration businesses, but don't quite know what to do about it.

Cybersecurity Business Models: Smart Home Pros Need to ‘Go There’
Cybersecurity expert and ethical hacker Rob Krug from SonicWall enlightens smart-home specialists at the HTSA spring conference in San Diego.

·

Rob Krug of SonicWall, the network-security giant scared the bejeebers out of me at the HTSA conference in San Diego. Yesterday, the Certified Ethical Hacker showed us how he can easily hijack home-automation systems, spy on homeowners through their surveillance cameras, and track the computer activity of unsuspecting Starbucks customers.

Krug joined the event at the behest of Bjørn Jensen of WhyReboot, one of HTSA's preferred networking services provider. His presentation was at times hilarious, but mostly spooky as he demonstrated the vulnerabilities of today's smart homes.

He showed us how he could enter the computers of strangers at this very hotel, watching every keystroke, tracking Websites visited and content shared.

He provided demo video clips of more "strangers" in their homes, hijacking video cameras that revealed if anyone was home, what kind of goodies they owned, and ultimately the exact street address of the property.

He showed us how simple it is to unlock other people’s doors, comandeer home-automation systems, and infect devices with malware.

I tweeted about Krug's presentation, and a SonicWall PR person replied, inviting me to connect with them for more information.

I responded something to the effect of: “How would I do that? I’m disconnecting all my electronic devices.”

What to do about cybersecurity

Sure, Krug gave us a few tips to protect our stuff and ourselves – segment devices on the network, only enable access to services you actually need, tape over your cameras and mics when not in use ….

But how am I, as a consumer, supposed to know what questions to ask and what actions to take?

I left the session asking: How much would I spend to have someone do a cybersecurity audit of my home and my smart devices? I started out at $300, but HTSA members said that was too low. Then I went to $500. Then I "agreed" a monthly fee for security maintenance. That’s how scared I was after the SonicWall presentation.


Related: CTA Unveils Cybersecurity Checklist Tool for Integrators


The cyber "thing" was a big topic of discussion during the HTSA event. Dealers I spoke with certainly grasped the urgency of this threat, but few had any ideas how to turn it into an opportunity.

It's complicated. Devices all communicate differently. Just how "secure" do you make a client's network? How do you balance security and convenience? What are the potential liabilities of promising a "secure" network? How do you maintain security after consumers continue to add to their ecosystems?

Plenty of research confirms cyber-fears hamper the growth of smart-home adoption. Yet the HTSA dealers I spoke with didn’t seem eager to “go there.”

Someone will “go there” though, so why not home-technology integrators? You’re touching the network anyway. You’re going to get blamed. If some other entity decides to mass-market their cybersecurity services, they could ultimately cannibalize your business.

We need to take a serious look at cybersecurity-related business models, because there are some really bad guys who “collect malware for fun," like Krug, but not ethically.



  About the Author

Julie Jacobson, recipient of the 2014 CEA TechHome Leadership Award, is co-founder of EH Publishing, producer of CE Pro, Electronic House, Commercial Integrator, Security Sales and other leading technology publications. She currently spends most of her time writing for CE Pro in the areas of home automation, security, networked A/V and the business of home systems integration. Julie majored in Economics at the University of Michigan, spent a year abroad at Cambridge University, earned an MBA from the University of Texas at Austin, and has never taken a journalism class in her life. She's a washed-up Ultimate Frisbee player currently residing in Carlsbad, Calif. Email Julie at [email protected]

Follow Julie on social media:
Twitter · LinkedIn · Google+

Julie also participates in these groups:
LinkedIn · Google+

View Julie Jacobson's complete profile.



CE Pro Magazine

Not a Magazine Subscriber?
Subscribe Today...It's FREE!!

Comments

Posted by mbaty on March 31, 2017

I think the first step is to stop using “AV networking” equipment like Luxul (yuck). Use real enterprise networking equipment, which typically have everything from malware scanning to built in intrusion prevention and country blocking to name a few.

Posted by Julie Jacobson on March 31, 2017

HI, Brian—for sure our industry has made great strides in promoting and providing network security. What we haven’t done as an industry is create business models around it. Bjorn is a long-time friend and we had a lengthy discussion about this subject. He too was challenged by the idea of packaging cybersecurity solutions, since there are so many variations in product types and risk propensities. Someone like Geek Squad is going to start to offer “cyber audits” like they used to do with “energy audits.” I think we should take the lead, or at least be known as the leaders in the category.

Posted by bhudkins on March 31, 2017

Julie,

I’m surprised, regarding cybersecurity, that you concluded that “few (HTSA members) had any ideas how to turn it into an opportunity”. HTSA named Bjorn Jensen of Why Reboot as last year’s man of the year because of the extraordinary support he delivered to many HTSA members. Not only was he the man of the year, Why Reboot grew at a rate that substantially exceeded the growth of business overall, so the HTSA membership clearly knows what to do about these issues as witnessed by the amazing growth. I also spoke to one of HTSA’s largest control vendors and they added that they monitor a number of issues regarding security and they reported that they see less than 4% of the professional installations being left “open” to hackers as opposed to the likelihood that in the DIY market that the consumers fail to do basic things like change passwords form admin/admin in over 80% of the installations.

Posted by Eyal Kattan on March 31, 2017

Home networks, in most homes are wide open for hackers. Opened ports, remote access, cloud control, using DHCP…. All these and more are like backdoor left opened for hackers to grab.

Network security is a constantly-evolving industry of itself and with all do respect to our industry, I doubt it can be simplified in such a way that AV integrators can simply tweak a couple of properties and make the network more secured.

The Home Network needs to be designed, implemented, configured and maintained by network professionals, while the AV is becoming a “client” on the network.

I was recently requested by one of our distributors,  to test the new Luxul series of AV firewalls and was amazed by how limited the settings are compared to the enterprise-level firewalls we’ve been using.

Home networks are as mission-critical as enterprise networks and should be treated this way.

Posted by BryanKoutsky on March 30, 2017

It was a very interesting presentation… left you wanting to know more about how they are doing this, but at the same time, how we can prevent ourselves from being attacked.  Good article Julie, it was good to see you as always.

Posted by BryanKoutsky on March 30, 2017

It was a very interesting presentation… left you wanting to know more about how they are doing this, but at the same time, how we can prevent ourselves from being attacked.  Good article Julie, it was good to see you as always.

Posted by Eyal Kattan on March 31, 2017

Home networks, in most homes are wide open for hackers. Opened ports, remote access, cloud control, using DHCP…. All these and more are like backdoor left opened for hackers to grab.

Network security is a constantly-evolving industry of itself and with all do respect to our industry, I doubt it can be simplified in such a way that AV integrators can simply tweak a couple of properties and make the network more secured.

The Home Network needs to be designed, implemented, configured and maintained by network professionals, while the AV is becoming a “client” on the network.

I was recently requested by one of our distributors,  to test the new Luxul series of AV firewalls and was amazed by how limited the settings are compared to the enterprise-level firewalls we’ve been using.

Home networks are as mission-critical as enterprise networks and should be treated this way.

Posted by bhudkins on March 31, 2017

Julie,

I’m surprised, regarding cybersecurity, that you concluded that “few (HTSA members) had any ideas how to turn it into an opportunity”. HTSA named Bjorn Jensen of Why Reboot as last year’s man of the year because of the extraordinary support he delivered to many HTSA members. Not only was he the man of the year, Why Reboot grew at a rate that substantially exceeded the growth of business overall, so the HTSA membership clearly knows what to do about these issues as witnessed by the amazing growth. I also spoke to one of HTSA’s largest control vendors and they added that they monitor a number of issues regarding security and they reported that they see less than 4% of the professional installations being left “open” to hackers as opposed to the likelihood that in the DIY market that the consumers fail to do basic things like change passwords form admin/admin in over 80% of the installations.

Posted by Julie Jacobson on March 31, 2017

HI, Brian—for sure our industry has made great strides in promoting and providing network security. What we haven’t done as an industry is create business models around it. Bjorn is a long-time friend and we had a lengthy discussion about this subject. He too was challenged by the idea of packaging cybersecurity solutions, since there are so many variations in product types and risk propensities. Someone like Geek Squad is going to start to offer “cyber audits” like they used to do with “energy audits.” I think we should take the lead, or at least be known as the leaders in the category.

Posted by mbaty on March 31, 2017

I think the first step is to stop using “AV networking” equipment like Luxul (yuck). Use real enterprise networking equipment, which typically have everything from malware scanning to built in intrusion prevention and country blocking to name a few.