Security of Domestic Products in the IoT

Abstract

In the last few years, the idea of connecting existing computing devices through wireless communication has given place to the concept of the Internet of Things (IoT). Many products are already available for the domestic market and a broad-spectrum of new applications is envisaged. As availability is increasing, the cost of smart household devices is getting lower. Accordingly, the amount of modern homes with domestic products in the IoT will grow. However, security and privacy remain major concerns due to threats of intrusion into private life as well as physical threats to domestic appliances. The aim of this thesis is to investigate how secure some of the domestic IoT products are that are available today.

In order to perform this research, a survey of existing products, protocols, and standards is conducted in order to draw a picture of the current status of IoT security in the domestic environment. Subsequently, research on the WeMo Light Link Starter Set was carried out to investigate whether or not it is secure, according to any reasonable definition. Finally, the findings from the practical research were analyzed and compared with similar products found in the survey.

Investigating the the smart product demonstrate that it can be compromised by an attacker from different aspects. Notably, the product requires access to the user's home network, where a minimum of additional security mechanisms are provided by the IoT system. Hence, a weakly secured home network could result in a complete device takeover. Additionally, security concerns is identified in the ZigBee protocol, which is used between some of the parts in the WeMo Light Link Starter Set. Nevertheless, some of the identified security issues are less likely to present risks, due to the restrictions created by the domestic environment. Even so, the found weaknesses may be amplified in commercial settings.