Smart homes are trending all over the world these days. Never before has the demand been so high for smart security systems, IoT lighting, and air conditioners, as well as upgradable home automation equipment. According to the Statista market research portal, smart home market revenue in Germany alone will amount to 2.8 billion euros in 2018. This puts the country in the world’s top 5 by this criterion, behind the United States, China, Japan, and the United Kingdom.
There are various reasons for this boom. Whereas home automation used to cost a fortune, a growing number of vendors are now entering the market with inexpensive solutions. A lot of people have a heightened sense of security, whether it be protection against burglars, fire or burst pipes. Now they can choose the appropriate products that allow controlling their homes in every way imaginable.
The convenience factor, with managed lighting and HVAC systems in place, is hard to overestimate, too. Governments also contribute to the popularity of smart systems in a way. In Germany, for instance, banks and loan companies require that new buildings be equipped with anti-trespass protection. Furthermore, new legislation is being passed that obliges citizens to install smoke detectors in their homes.
No matter how favorably people view smart home systems, there is plenty of skepticism about these products, mostly stemming from the fact that they cannot be used without an Internet connection and cloud services. These concerns have solid reasoning behind them, as there have been numerous reports about vulnerabilities in smart homes.
In fact, poorly protected systems aren’t rare: last year, the Aldi discount chain sold IP CCTV cameras that could be used without a password at all. The outcome of such carelessness is that someone might remotely watch a streaming video of what’s going on in your living room. Although the manufacturer has since provided a firmware update, users need to install it manually. This specific camera model by Aldi isn’t the only example of easily hackable smart devices that you can find by simply googling “unprotected cameras”. Malefactors can also scan the entire smart home for potential weak links, such as your PC or server.
When looking for a safe product, consumers often run into a bevy of manufacturers using dozens of proprietary alarm and security standards whose effectiveness is very hard to verify. To top it off, these solutions often come with poorly written user guides, and their firmware must be updated manually, which is a nontrivial task for those who aren’t tech-savvy.
There are different ways to safeguard a smart home. Of course, the best protection can be ensured by an autonomous system that can function without Internet access. The question is, who can offer a system like that?
Complete functionality without the cloud is a rare case
I have examined major manufacturers of smart home systems and analyzed what their products can do in offline mode, also focusing on the inconveniences that consumers will have to experience in such a scenario.
For example, the Philips Hue and Osram Lightify lighting systems can be used without an Internet connection – well, that’s something you might expect from a lights management solution, isn’t it?
In order to control the system via a smartphone app, you certainly need to go online. The same holds true for the Qivicon Home Base in the context of their cloud services – for instance when controlling an IP camera. All the other Qivicon controls are implemented over WLAN as the smart functions are built into the Home Base proper.
Innogy is trying to make its systems as autonomous as possible. After the original smart home customization has been completed, the base station can do without an Internet connection the rest of the time.
Equipment from HomeMatic, a company that offers a wide range of home automation services, can operate offline as well.
Nest, a relatively new player on the European market, is Google’s brand producing smoke detectors, security cameras, smart thermostats, and other security systems. If you disable remote access, the smoke detectors and thermostats can work in offline mode. However, firmware updates are rolled out and installed via the cloud only. Furthermore, both indoor and outdoor security cameras by Nest need permanent access to the cloud service.
None of the solutions by D-Link can work without an Internet connection. Any interaction between a control application and the automation system takes place via the “mydlink” cloud service. However, the scheduling solution and IP cameras don’t require connectivity as long as they are properly configured. As a countermeasure for hacking, D-Link even recommends using a router with an extra UMTS channel so that the alarm systems can continue to work if the cable connection fails.
Protecting the smart home on your own
So, obviously, an increasing number of smart home systems can operate offline in one way or another. Of course, remote access and firmware updates are impossible without cloud services. Nevertheless, you can take some precautions to reduce the risk of an attack.
First and foremost, use strong passwords to access devices that require Internet connectivity. You should also rename the standard “Admin” account or deactivate it altogether. Hackers tend to scan these networks for such usernames, and this is a serious concern for IP cameras in particular. Make sure the firmware is up to date at all times, and don’t rely on automatic updates in this regard.
Furthermore, IP cameras are almost always registered at the web server automatically once turned on for the first time – it’s convenient because the real-time video streams through the website directly regardless of the time and the specific device. On the other hand, though, this registration is a godsend for hackers. It might make sense to completely disable Internet access for devices that are the biggest lure for perpetrators. You can do it using the wireless router’s web interface.
If you use a virtual private network (VPN), you get encrypted access to your smart home components without a workaround via a cloud server. You can also leverage a Raspberry Pi and OpenVPN to create your own VPN server. This way, even when you are outdoors, the smartphone that you use to control your home automation system will continue to be a part of your home LAN. It is not necessary to connect each device to the VPN separately; instead, route all your traffic through one router that works through a VPN (or even Double VPN for more protection).
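A minimal server configuration for the Raspberry Pi and OpenVPN setup described above, as an added example that is not from the original article. The home LAN range, VPN subnet, port and file names are assumptions to adapt to your own network.

```conf
# /etc/openvpn/server.conf on the Raspberry Pi (added example).
# Assumed home LAN: 192.168.1.0/24. Assumed VPN subnet: 10.8.0.0/24.

port 1194
proto udp
dev tun
topology subnet

# Certificates and keys issued by your own CA (file names are placeholders).
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# Accept only certificates issued for client use, and drop packets that
# lack the shared tls-crypt key before any TLS handshake is attempted.
remote-cert-tls client
tls-crypt tc.key
tls-version-min 1.2

# Data-channel encryption and HMAC digest.
cipher AES-256-GCM
auth SHA256

# Address pool handed out to connecting clients such as the smartphone.
server 10.8.0.0 255.255.255.0

# Tell clients that the home LAN is reachable through the tunnel, so the
# phone talks to cameras and hubs directly instead of via a vendor cloud.
push "route 192.168.1.0 255.255.255.0"

keepalive 10 120

# Drop root privileges once the tunnel is up.
user nobody
group nogroup
persist-key
persist-tun

verb 3
```

For the phone to reach LAN devices, the Pi must have IP forwarding enabled and the home router needs either a static route for the VPN subnet via the Pi or NAT on the Pi. The only port that has to be forwarded from the Internet is the single UDP port of the VPN, so cameras and hubs themselves stay unexposed.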
If you follow basic security practices, always use up-to-date firmware, secure your router and WLAN properly, and add a VPN connection to the mix if possible, then you can confidently and safely join the popular trend and make your home smart.
David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project, which presents expert opinions on contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking.