Just when we are getting comfortable with the transition into the internet of things (IoT) era, hackers are getting better at what they do, essentially telling users they are not safe. On the other hand, companies in the know are expending more energy keeping hacking cases under wraps, which is in essence putting users under more risk and damage.
In July this year, the Korean Government announced the “Home Appliance IoT Security Guide” intended to guide developers in incorporating security procedures in their products from design stage until it gets into the hands of users. This was just about a year after the “Common IoT Security Guide” issued in September last year. However, these security procedures are essentially what they are called, guidelines, meaning they are not compulsory and thus companies have no obligation to adopt them. Moreover, they are even less likely to adopt them considering the high cost involved in adopting the guidelines.
According to a report by the Korea Smart Home Industry Association, the Korean Smart Home market is expected to increase by almost 100% from 12.5 trillion won to 23 trillion won in less than two years. The association is a platform that allows exchange of information on the connection between mobile devices and home appliances which use the internet and telecommunications. It essentially means one can control their home appliances from outside using a mobile device. As cool as that sounds, it raises lots of privacy questions especially when security is thought to be weak, considering companies manufacturing these products do not consider high investment in security of much importance. Contributing to the dire situation is the fact that there is no globally accepted security standards that IoT gadgets are expected to meet.
To bring this home (pun intended), a security company called Checkpoint, discovered a security loophole in the home hub IoT device known as Smart ThinQ, an AI speaker produced by LG. Checkpoint discovered that hackers could remotely login and steal users account details, enabling them to control other smart appliances in the home, from cameras to vacuum cleaners. All made possible by the loopholes found in the mobile and cloud applications which the Smart ThinQ run on. Fortunately, this discovery has prompted LG to strengthen their security status, thus users are expected to update their LG products softwares so they are no longer at risk.
Although the spotlight is on LG electronics at the moment, these security vulnerability issues affects all smart devices manufacturing companies. The best protection therefore, according to Kim Deok-su, managing director of Penta Security, is for users to constantly update their device softwares whenever new patches are released by the manufacturing companies. He further noted that “As shown in recent cases, hackers are looking for vulnerabilities in cloud environments that connect to the IoT rather than the vulnerabilities of respective devices. Manufacturers need to take care of all three elements — application, devices, and cloud services. Large manufacturers have teams to pay attention to them. It is necessary to have an organization to check all of the three elements.”
As new smart devices are released daily, be it AI speakers from SKT, Kakao, KT and Naver, or children Smart Watches from Apple, it increases the targets for hackers to undermine security.