Smart Locks in the Internet of Things
The Internet of Things (IoT) is referred as the internetworking of physical devices and vehicles, defined as “connected” or “smart” devices. They are embedded with electronics and software that enable the collection and exchange of data between them.
IoT has been touted as many things in the past years. From nanny cams to look over our children, smart meters that control all selected appliances in our house or smart locks that allow you to open the front door of your house using your smartphone, IoT has become an integral part of our lives.
It seems like IoT has revolutionized our world (which is most probably the case) and has only brought solutions to our daily problems. Most people do not realize that with all these new connected devices, comes a major issue which is actually the fact that they are “connected”. This raises many potential ones regarding security and ethics.
If we look closely to a specific branch of new devices, smart locks, we can easily find issues from the fact that they are connected. A big majority of these new locks are built such that one can open his own door without the use of a key. This includes using a smartphone, a smartwatch, or any device that is already being carried by an individual. The lock can be opened via a Wifi, Bluetooth or NFC connection at the door, via a website request from anywhere or even via text message. These smart locks are built to make our lives easier as they let us open the door without the need of an extra item being carried, as well as letting temporary guests into our home. However, having this whole environment connected brings a few different issues to this solution.
The first and main issue is the security behind the smart locks. The majority of smart devices have all of the information and communication encrypted. John Oliver talks in large of encryption in one of his segments on “Last week Tonight with John Oliver”[1]. In it, he shows that if we are able to get control of a “connected” device like the car, we are able to have physical consequences to the use of it. In the same sense, for our smart lock, if the security is not strong enough, a user could be locked out of his house or even worst, an unwanted guest could be granted access to it.
The problem that arises is that there is already cases of smart locks and other devices being hacked. Here is an article on CNET, a website about tech product reviews, news and more, about the hack of a smart lock.
- Here's what happened when someone hacked the August Smart Lock - CNET
Worried about smart lock security? A recent vulnerability shows that smart lock makers still have a lot to learn.
They show that following a presentation on smart locks vulnerabilities, they were able to replicate them and hack into one before the manufacturer sent an update a few days after the presentation. This shows that even though manufacturers are quick to fix issues, there is still new ways of hacking into smart devices and having access to them.
This brings up the issue which is the ethical part of having all this data about devices gathered and stored. Even though it is useful to keep it to be able to log activity in a home, the fact that it is available can be an invasion of privacy because there is always the possibility of having this information stolen and used for malicious ends. All this data is associated with a user or a location and therefore it is not only data about a specific device but more about the users themselves.
To counteract this main issue of security and its consequences, there are more and more ways that are being found to make any connected device more secure. John Oliver talked a lot about the encryption behind all our lives. However, in a more serious environment, Alan Grau wrote, in the IEEE spectrum website, an article, “How to Build a Safer Internet of Things”, presenting the vulnerabilities of IoT and some possible solutions. He writes about firewalls, device management software, that communicates with security management systems, and finally, for older systems, the use of additional security hardware put in place to intercept malicious activities.
- How to Build a Safer Internet of Things - IEEE Spectrum
Today's IoT is full of security flaws. We must do better
To conclude we can see that the smart locks are a branch of smart devices that is beneficial for its users. However, it has its limitations, especially regarding the security around it and its related consequences.