Rob Krug of SonicWall, the network-security giant scared the bejeebers out of me at the HTSA conference in San Diego. Yesterday, the Certified Ethical Hacker showed us how he can easily hijack home-automation systems, spy on homeowners through their surveillance cameras, and track the computer activity of unsuspecting Starbucks customers.
Krug joined the event at the behest of Bjørn Jensen of WhyReboot, one of HTSA's preferred networking services provider. His presentation was at times hilarious, but mostly spooky as he demonstrated the vulnerabilities of today's smart homes.
He showed us how he could enter the computers of strangers at this very hotel, watching every keystroke, tracking Websites visited and content shared.
He provided demo video clips of more “strangers” in their homes, hijacking video cameras that revealed if anyone was home, what kind of goodies they owned, and ultimately the exact street address of the property.
He showed us how simple it is to unlock other people’s doors, comandeer home-automation systems, and infect devices with malware.
I tweeted about Krug's presentation, and a SonicWall PR person replied, inviting me to connect with them for more information.
I responded something to the effect of: “How would I do that? I’m disconnecting all my electronic devices.”
What to do about cybersecurity
Sure, Krug gave us a few tips to protect our stuff and ourselves – segment devices on the network, only enable access to services you actually need, tape over your cameras and mics when not in use ….
But how am I, as a consumer, supposed to know what questions to ask and what actions to take?
I left the session asking: How much would I spend to have someone do a cybersecurity audit of my home and my smart devices? I started out at $300, but HTSA members said that was too low. Then I went to $500. Then I “agreed” a monthly fee for security maintenance. That’s how scared I was after the SonicWall presentation.
The cyber “thing” was a big topic of discussion during the HTSA event. Dealers I spoke with certainly grasped the urgency of this threat, but few had any ideas how to turn it into an opportunity.
It's complicated. Devices all communicate differently. Just how “secure” do you make a client's network? How do you balance security and convenience? What are the potential liabilities of promising a “secure” network? How do you maintain security after consumers continue to add to their ecosystems?
Plenty of research confirms cyber-fears hamper the growth of smart-home adoption. Yet the HTSA dealers I spoke with didn’t seem eager to “go there.”
Someone will “go there” though, so why not home-technology integrators? You’re touching the network anyway. You’re going to get blamed. If some other entity decides to mass-market their cybersecurity services, they could ultimately cannibalize your business.
We need to take a serious look at cybersecurity-related business models, because there are some really bad guys who “collect malware for fun,” like Krug, but not ethically.